hi,

here is file with following permissions and user ID's (actually there's no those ID's on my linuxbox)

-rwxr-xr-x 1 122 114 31504 Apr 9 2003 ifconfig

in fact, i can't it delete with root or each other user

#rm ifconfig
rm: remove write-protected regular file `ifconfig'? y
rm: cannot remove `ifconfig': Operation not permitted

# chown root:root ifconfig
chown: changing ownership of `ifconfig': Operation not permitted

how delete this file?


regards,
ks

For a start, why would you want to delete the ifconfig binary? I generally find it pretty useful..

Anyway, if you can't delete it as root, it's not a permissions problem, most likely the program is in use. You could try bringing down all network activity first. ("#init 2" for me)

or init 1

but really, deleting ifconfig is a stupid thing. Why do that?

chkrootkit reports, that it INFECTED, so i need delete it ant replace with good one

i have ~10 files with those strange permissions and ID's and, of course, i can't delete em'all

for example
ls -l /usr/sbin/lsof
-rwxr-xr-x 1 122 114 82628 Jul 18 2002 /usr/sbin/lsof

what distro are u using?
Why not replace the whole package?

i'm using debian


dpkg --ignore-depends=ifupdown -r net-tools
(Reading database ... 21778 files and directories currently installed.)
Removing net-tools ...
dpkg - warning: while removing net-tools, unable to remove directory `/bin/netst
at': Operation not permitted - directory may be a mount point ?
dpkg - warning: while removing net-tools, unable to remove directory `/sbin/ifco
nfig': Operation not permitted - directory may be a mount point ?
toksgw:/home/kestutis# apt-get install net-tools
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
net-tools
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 231kB of archives.
After unpacking 623kB of additional disk space will be used.
Get:1 http://debian.balt.net woody/main net-tools 1.60-4 [231kB]
Fetched 231kB in 3s (60.2kB/s)
Selecting previously deselected package net-tools.
(Reading database ... 21746 files and directories currently installed.)
Unpacking net-tools (from .../net-tools_1.60-4_i386.deb) ...
dpkg: error processing /var/cache/apt/archives/net-tools_1.60-4_i386.deb (--unpa
ck):
unable to make backup link of `./sbin/ifconfig' before installing new version:
Operation not permitted
dpkg-deb: subprocess paste killed by signal (Broken pipe)
Errors were encountered while processing:
/var/cache/apt/archives/net-tools_1.60-4_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'd try to use a live-CD, e.g RIP, system-rescue or Knoppix
to clean the box up ... REALLY I'd just grab the most crucial
data, copy config files you don't want to lose and re-install
the box ...


Cheers,
Tink

have a 2nd look with rkhunter, chkrootkit kit has been known to generate false positives with the newer kernels

Go to the Security forum and read the sticky threads on what to do in case of a rootkit.

Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.

i've booted gentoo liveCD, mounted my HDD and, when trying
to rm getting same:

#rm ifconfig
rm: remove write-protected regular file `ifconfig'? y
rm: cannot remove `ifconfig': Operation not permitted

or

#rm netstat
rm: remove write-protected regular file `ifconfig'? y
rm: cannot remove `ifconfig': Permission denied



how to overide these permissions and ID's to remove these infected files?