> > I tried to update my debian box which is running Potato. When libc6 tries to
> > install it fails giving an error about not being able to symlink libnss_db.so.2.
> > I took a look at libnss_db.so.2 and things are very odd. A 'ls -la' gives

One of the more knowledgeable hackers I've had on my honeypot modified some
library files and made them undelete-able. Even as root. Drove me nuts
until I found a .history file he left behind (ok, not so smart). One of
the commands he did was
chattr +i filename
So I did a chattr -i filename and that fixed it. The chattr command isn't
very well documented but I feel it's like other commands that are no longer
well documented because they are considered a bad idea, like rsh and suid
tricks.

By the way, to the first poster I recommend they do a few hack checks like
ls -blart /bin
ls -blart /sbin
ls -blart /usr/bin
(can you explain the change dates on the files at the end, especially if
it's files like login, ls, ps, find, netstat)
and do a
file /dev/* |grep -i asc
do any of the files say they are ascii or script files?
also try doing
ls -blart /dev
ls -blart /usr
to see if any new directories with odd names show up such as ... or more
than one directory named . or ..
Better safe than... well, used as a dumb terminal :)
Gandalf Parker
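
Added example (not part of the original message): a small shell sketch that automates the checks described above, listing files that carry the immutable flag and directories with odd names. The function names and the --scan switch are made up for this example, and the regular-file test on /dev uses find rather than the file | grep check from the message.

```shell
#!/bin/sh
# Triage helpers for the checks in the message above (added example).
# All function names and the --scan switch are hypothetical.

# Read `lsattr -R` output on stdin ("<flags> <path>" per line) and print
# the paths whose flag field contains lowercase 'i' (immutable).
# Uppercase 'I' (indexed directory) is a different flag and is ignored.
immutable_paths() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /i/ {
             sub(/^[^ ]+ +/, ""); print }'
}

# Print directories below $1 whose names start with three dots, or that
# begin or end with a space (so ". " and ".. " show up as well).
odd_dirs() {
    find "$1" -mindepth 1 -type d \( -name '...*' -o -name '. *' \
        -o -name '.. *' -o -name '* ' -o -name ' *' \) -print
}

# Print regular files below $1. Meant for /dev, where almost everything
# should be a device node, directory or symlink; run file(1) on the hits.
dev_regular_files() {
    find "$1" -type f -print
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--scan" ]; then
    echo "== immutable files =="
    lsattr -R /bin /sbin /usr/bin /lib 2>/dev/null | immutable_paths
    echo "== odd directory names =="
    odd_dirs /dev
    odd_dirs /usr
    echo "== regular files in /dev =="
    dev_regular_files /dev
fi
```

Anything listed under "immutable files" that you did not set yourself needs explaining before you clear the flag with chattr -i.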