Hmmm. As far as "unsound advice" goes there seems to be a lot of it floating around.
First of all any action (and that includes wiping disks and re-installing the OS or any SW) without determining the cause first is inefficient and may well expose loopholes (if any) again. (That doesn't mean you shouldn't move to mitigate if a breach of security is suspected!) Secondly neither Chkrootkit nor Rootkit Hunter "eliminate" threats: they only try to determine existence and mostly from collateral damage FWIW. Adding Samhain (standalone daemon, efficient due to Inotify use) and Linux Malware Detect (in case of a web server) is a good recommendation except it should, like proper system hardening, be done before trouble arises.
The OP should answer questions properly and in detail (esp. wrt file system b0rkage) and minimally post the following:
- file system type and fsck results,
- what applications make use of the "users" group,
- result of 'find /home/dave/JIodqkIaXJ -print0 | xargs -0 -iX stat -c "%a;%u;%g;%n;%F;%s;%x;%y" 'X';',
- result of 'inotifywait -m -e create -e open -e access -e modify -e close_nowrite -e close_write -r /home/dave/JIodqkIaXJ'.
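
Added example (not part of the original post): a short parser for the semicolon-separated stat output requested above, which copes with file names that themselves contain ';'. The sample lines are constructed, and the two checks (write bits, owner differing from the top directory) are an assumption about what to look at first, not criteria from the thread.

```python
from datetime import datetime

# Constructed sample output (uids, gids, sizes and times are made up).
SAMPLE = """\
755;1000;100;/home/dave/JIodqkIaXJ;directory;4096;2012-03-01 10:15:02.000000000 +0100;2012-03-01 10:14:58.000000000 +0100
644;1000;100;/home/dave/JIodqkIaXJ/a;b.tmp;regular file;120;2012-03-01 10:15:02.000000000 +0100;2012-03-01 10:14:59.123456789 +0100
666;0;100;/home/dave/JIodqkIaXJ/x;regular empty file;0;2012-03-01 10:15:03.000000000 +0100;2012-03-01 10:15:03.000000000 +0100
"""

def parse_stat_time(text):
    # GNU stat prints nanoseconds; datetime holds microseconds, so trim.
    date, clock, zone = text.split(" ")
    hms, _, frac = clock.partition(".")
    stamp = f"{date} {hms}.{frac[:6] or '0'} {zone}"
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f %z")

def parse_line(line):
    # %n sits mid-record and may contain ';': take three fields from the
    # left, four from the right, and whatever remains is the file name.
    mode, uid, gid, rest = line.split(";", 3)
    name, ftype, size, atime, mtime = rest.rsplit(";", 4)
    return {"mode": int(mode, 8), "uid": int(uid), "gid": int(gid),
            "name": name, "type": ftype, "size": int(size),
            "atime": parse_stat_time(atime), "mtime": parse_stat_time(mtime)}

def review(text):
    records = [parse_line(l) for l in text.splitlines() if l.strip()]
    top_uid = records[0]["uid"]  # find lists the starting directory first
    findings = []
    for rec in records:
        reasons = []
        if rec["mode"] & 0o002:
            reasons.append("world-writable")
        elif rec["mode"] & 0o020:
            reasons.append("group-writable")
        if rec["uid"] != top_uid:
            reasons.append(f"uid {rec['uid']} is not the directory owner ({top_uid})")
        if reasons:
            findings.append((rec["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in review(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

A file name containing a newline would still split one record across two lines; the parser does not handle that case.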