Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-18-2011, 09:22 AM
|
#1
|
LQ Newbie
Registered: Mar 2010
Posts: 12
Rep:
|
removeing symbolic links - directory
hi
i have a hacking attack on my server
where some one tried to implement shell
and scripts,
also in a directory he placed a symbolic link to my root.
i tried to remove it with rm directotyname
but it gave me :
> rm directotyname
rm: cannot remove directory `directotyname': Is a directory
how can i remove the symbolic link and make sure it will not happen again ?
thanks !
|
|
|
04-18-2011, 09:38 AM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,139
|
Quote:
Originally Posted by barnea10
hi
i have a hacking attack on my server where some one tried to implement shell and scripts, also in a directory he placed a symbolic link to my root.
i tried to remove it with rm directotyname but it gave me :
> rm directotyname
rm: cannot remove directory `directotyname': Is a directory
how can i remove the symbolic link and make sure it will not happen again ?
thanks !
|
You can read the man pages for rm and rmdir. Either type in "rm -fR <directory name>" or "rmdir <directory name>".
As far as making sure it won't happen again, there's no way for us to answer that, based on what you posted. You don't tell us the version/distro of Linux, the network environment, where the attack came from (or even provide proof there WAS an attack), and what you've done/tried so far. There are several threads on this site that deal with hardening a Linux system, as well as many general guides you can follow/find via Google.
Last edited by TB0ne; 04-18-2011 at 09:40 AM.
|
|
|
04-18-2011, 10:32 AM
|
#3
|
LQ Newbie
Registered: Mar 2010
Posts: 12
Original Poster
Rep:
|
Quote:
Originally Posted by TB0ne
You can read the man pages for rm and rmdir. Either type in "rm -fR <directory name>" or "rmdir <directory name>".
As far as making sure it won't happen again, there's no way for us to answer that, based on what you posted. You don't tell us the version/distro of Linux, the network environment, where the attack came from (or even provide proof there WAS an attack), and what you've done/tried so far. There are several threads on this site that deal with hardening a Linux system, as well as many general guides you can follow/find via Google.
|
when i try to
rmdir directory
i get -
rmdir: directory: Directory not empty
|
|
|
04-18-2011, 12:24 PM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,139
|
Quote:
Originally Posted by barnea10
when i try to
rmdir directory
i get -
rmdir: directory: Directory not empty
|
Ok...what part of that is unclear? The directory is not empty...so EMPTY IT.
Either go into the directory, and remove the files, or AGAIN, read the man pages for rm and rmdir. As I told you in my first reply, "rm -fR <directory name>" will remove it.
|
|
|
04-18-2011, 03:18 PM
|
#5
|
LQ Newbie
Registered: Mar 2010
Posts: 12
Original Poster
Rep:
|
Quote:
Originally Posted by TB0ne
Ok...what part of that is unclear? The directory is not empty...so EMPTY IT.
Either go into the directory, and remove the files, or AGAIN, read the man pages for rm and rmdir. As I told you in my first reply, "rm -fR <directory name>" will remove it.
|
thanks for your patience...
the directory is acting as symbolic link.
will ti be safe to strongly remove it ?
will it harm the server that pointed from it ?
how can i empty it ?
it doesnt contain anything when i click it i see all my root server directories.
|
|
|
04-18-2011, 04:18 PM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,139
|
Quote:
Originally Posted by barnea10
thanks for your patience...
the directory is acting as symbolic link. will ti be safe to strongly remove it ? will it harm the server that pointed from it ?
how can i empty it ?it doesnt contain anything when i click it i see all my root server directories.
|
Again, read the man pages for rm and rmdir. And if it's just a symbolic link, you'll just remove the link. However if you read the man pages for the ln command, it *MIGHT* hurt something, depending on how the link was made.
Once more, read the man pages. In my opinion, if you think your server has been compromised, your best course of action is: - Unplug it
- Format the drives
- Reinstall the OS
- Reinstall any applications from scratch.
- Reload ONLY application data from backups
- Examine EVERYTHING after you're back online.
Doing a piecemeal 'recovery' is 99% of the time, pointless. However you were compromised, the attacker still has that avenue available to them. Unless you identify what happened and how, you may as well not bother.
|
|
|
All times are GMT -5. The time now is 12:25 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|