Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, 2009-06-13 at 00:19 -0700, Linux Advocate wrote:
> <snip>
> > 
> > Note that /dev/shm is a tempfs file system. It will be dynamically
> > populated. I would expect the attack vector still resides on your system
> > somewhere else.
> > 
> 
> 
> i m looking for it bro...the machine is disconnected frm the net but i have not formatted it yet... i really need to know how it happened....

Have you run the rpm with the --verify? You'll need to get another
option or two to get it to give more verbose information.

It occured to me too that find file not providfed by any package might
give some clues (although most of what it may return will not be
problems). If you get a list of all file (use find so even "hidden" ones
appear) and then use rpm to find out --whatprovides you should get a
bunch - some user and a few not user files. These become candidates for
further inspection. There's always going to be a few that are not from a
package but are OK.

Good luck on your detecting.

<snip sig stuff>

-- 
Bill

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux