Re: cannot remove files from /tmp

Steve Siegfried wrote:
> As an aside: 99.99% of Linux programs don't mess with file attribute bits.
>              The only time I've seen these attributes modified in 
>              a non-orange-book-secure (i.e.: SELinux) environment
>              was done as part of a script-kiddie break-in/root-hack. 
>              Because of this, I'm gonna ask: are you sure you're not
>              being hacked even as you try and resolve this?  Suggest at a
>              minimum, you pick up a copy of chkrootkit available through
>              http://www.chkrootkit.org and run it.

Firstly, chkrootkit is in extras, although it's more trustworthy if you
run it from "known good" media (e.g. a CD). (It is possible for a
rootkit to modify the kernel so that everything looks good to
user-space).

Secondly, Rolf's problems could also come from a corrupted filesystem. I'd
recommend booting from a rescue CD, *not* mounting any filesystems, and
fscking the filesystem in question.

Lastly, although 99.9% of Linux *programs* don't mess with file
attribute bits, it's a lot more common at the distribution level (and I
seem to remember stuff like Bastille does it too)[1]. But the set of
attributes that have been set doesn't look right for that.

Hope this helps,

James.

[1] For example, setting immutable bits on key system binaries to make
rootkits' lives that much harder.
-- 
E-mail:     james@ | I'll be more enthusiastic about encouraging thinking
aprilcottage.co.uk | outside the box when there's evidence of any thinking
                   | going on inside it.
                   |     -- Terry Pratchett
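
The attribute check discussed in this message, as an added example that is not part of the original thread: a POSIX shell function that reads `lsattr -R` output and lists files carrying the immutable (`i`) or append-only (`a`) attribute. The `HARDENED_DIRS` list and the `hardening`/`review` labels are assumptions made for illustration, not a Fedora or Bastille policy.

```shell
#!/bin/sh
# Added example (not from the thread).
# Reads `lsattr -R` output on stdin and lists files carrying the immutable (i)
# or append-only (a) attribute, the flags that block deletion even for root.

# Assumption: directories where a hardening tool might legitimately set
# immutable bits on system binaries. Adjust for the system being audited.
HARDENED_DIRS="/bin /sbin /usr/bin /usr/sbin"

audit_attrs() {
    while IFS= read -r line; do
        flags=${line%% *}      # attribute column, e.g. ----i---------e----
        path=${line#* }        # everything after the first space
        # Skip blank lines, the "dir:" headers printed by -R, and any line
        # whose first field is not purely letters and dashes.
        case $flags in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        # Skip lines that have no path column at all.
        if [ "$flags" = "$line" ]; then continue; fi
        # Keep only entries with immutable or append-only set.
        case $flags in
            *[ia]*) ;;
            *) continue ;;
        esac
        set_flags=$(printf '%s' "$flags" | tr -cd 'A-Za-z')
        verdict=review
        for d in $HARDENED_DIRS; do
            case $path in "$d"/*) verdict=hardening ;; esac
        done
        # Output: verdict, the attribute letters that are set, the path.
        printf '%s\t%s\t%s\n' "$verdict" "$set_flags" "$path"
    done
}

# Typical use, as root: lsattr -R /tmp /bin 2>/dev/null | audit_attrs
```

When run from rescue media against the mounted root, a `review` line under `/tmp` is the kind of entry the thread is about; a `hardening` line is one that distribution-level hardening could explain.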
