Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
09-03-2001, 02:35 AM
|
#1
|
|
LQ Newbie
Registered: Sep 2001
Location: bkk
Distribution: redhat
Posts: 3
Rep: 
|
cannot remove hacker's file
A hacker has modified some system files in /etc. I could not find the way to remove (or modify) this file.
I have tried rm -f <filename> with supervisor priviledge (login as root) and got back the msg : "operation not permitted".
Pls. kindly advise
|
|
|
|
|
09-03-2001, 07:52 AM
|
#2
|
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
what are the permission levels on the files..? not sure if that will help or not, or can you change the permission levels then try to delete them.
|
|
|
|
|
09-03-2001, 09:53 AM
|
#3
|
|
LQ Newbie
Registered: Sep 2001
Location: bkk
Distribution: redhat
Posts: 3
Original Poster
Rep:
|
is the security level the same as file permission mode. If so, it is rwxr-xr-x i.e., root should be able to delete it.
if the security level is different from file permission mode, pls. advise how to check it.
|
|
|
|
|
09-03-2001, 10:16 AM
|
#4
|
|
Moderator
Registered: May 2001
Posts: 29,415
|
If its got spaces you have to quote em to remove them.
rm -f "/path/to/file/file name "
OTOH, if its not in the spaces try
lsattr /path/to/file/filename
to see if the u(undeletable) and i(immutable) bits have been set. If so,
chattr -iu /path/to/file/filename
will remove them, check with lsattr, then try to remove.
*Note there quite possibly are backdoors or compromised services installed. Unless you can *100%* verify the system is ok, I suggest you save your *human readable userdata* only, and reinstall from scratch.
|
|
|
|
|
09-14-2001, 05:54 PM
|
#5
|
|
Member
Registered: Apr 2001
Location: Gulf of Biscay
Posts: 32
Rep: 
|
(deleted) Excuse me
Last edited by reader; 09-14-2001 at 06:22 PM.
|
|
|
|
All times are GMT -5. The time now is 04:44 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
