- 论坛徽章:
- 0
|
我这里有一台RH Linux AS 2.1的Server,最近因为一个家伙的粗心新增了个巨蠢的帐号(帐号密码都是test),结果被世界各地无数人登录过,NND ,汗啊.......
在俺发现这个情况时已经是一星期以后的事了,
现如今机器上被开了数个服务,大部分被我关了,但是又发现这台机器的好多系统命令被替换,如/bin/login, /bin/ps等等.这些文件我都删不掉,更别说替换了,提示是:Operation not permitted
 哪位高手,好心人帮帮忙啊.
我查出来的被替换掉的文件如下一大堆,看属性的话像是正常的,不过我的ls命令都被替换掉了,唉
-rwxr-xr-x 1 root root 32756 Mar 21 19:04 /bin/ps
/dev
/dev/log
/dev/ttyop
/dev/ttyoa
/dev/ttyof
/dev/ttyos
/proc/kmsg
find: /proc/7158/fd/4: No such file or directory
/var/log/sa/sa21
/var/log/sa/sar20
/var/log/samba/server03.log
/var/log/xferlog
/var/lock/subsys/atd
/var/lock/subsys/xinetd
/var/lock/subsys/syslog
/var/run/crontab.pid
/var/run/xinetd.pid
/var/run/syslogd.pid
/var/run/klogd.pid
/var/spool/cron
/var/spool/cron/operator
/var/tmp/local/debian
/tmp/ps
/tmp/ps
/etc/bashrc
/etc/rc.d/init.d/atd
/etc/rc.d/init.d/syslog
/etc/rc.d/init.d/functions
/etc/rc.d/init.d/xinetd
/etc/rc.d/init.d/sshd
/etc/logrotate.d
/etc/ssh/ssh_host_key
/etc/psdevtab
/etc/sshd_config
/etc/ssh_host_key
/usr
/usr/bin/dir
/usr/bin/du
/usr/bin/vdir
/usr/bin/find
/usr/bin/top
/usr/bin/killall
/usr/bin/chsh
/usr/bin/clean
/usr/bin/wp
/usr/bin/shad
/usr/bin/vadim
/usr/bin/imp
/usr/bin/slice
/usr/bin/sl2
/usr/sbin/atd
/usr/sbin/in.wuftpd
/usr/sbin/wu.ftpd
/usr/include/rpcsvc
/usr/local/games
/usr/local/games/identd
/usr/local/games/banner
/usr/local/sbin
/usr/local/sbin/sshd
/usr/doc
/usr/doc/wu-ftpd-2.6.0
/usr/doc/wu-ftpd-2.6.0/HOWTO
/usr/doc/wu-ftpd-2.6.0/examples
/usr/man
/usr/man/man1
/usr/man/man5
/usr/man/man8
/bin/netstat
/bin/ls
/bin/ps
/bin/login
/bin/shad
/root/ins/netstat
/sbin/ifconfig
/sbin/syslogd |
|
免费注册
发表于 2005-03-26 00:44
