Using lsattr, see is the immutable flag has been set. Normally, no flags should be set:
[EMAIL PROTECTED]:~> lsattr *.txt ----------------- 34sp-userguide.txt If the immutable flag has been set, you can unset it with chattr -i filename See "man lsattr" and "man chattr". While this will (hopefully) solve your immediate problem, the larger problem is that your system was possibly compromised, and the cracker has been messing with your flags. Which means you need to do major surgery on it (reinstall, tighten firewall rules, etc). good luck, RS Friday 03 June 2005 16:04, Andreas Hatz wrote: > Hello Debain Users, > > We have an interesting phenomenon occuring on one of our servers. We have > noticed that two files in the /bin directory have had their executable > permissions removed and we are unable to chmod the files as root. > > current file permissions: > -rw-r--r-- 1 root root 35464 May 31 13:02 /bin/login > -rw-r--r-- 1 root root 54152 Aug 29 2001 /bin/netstat > > when trying to change permissions: > > ns:~# whoami > root > > ns:~# id > uid=0(root) gid=0(root) groups=0(root) > > ns:~# chmod 755 /bin/login > chmod: changing permissions of `/bin/login': Operation not permitted > > We have tried doing the same thing from the rescue disc login prompt. same > outcome. > > This seems to be a serious security issue. Root user seems to have lost > control of some files. Other files can be changed using the above commands. > > Any ideas? > > Best regards, > > Andreas Hatz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
