Hi guys, I am afraid my happiness was short lived. To test if the deletion of the file (and the effects thereof) would be permanent I rebooted the system and consequently found another file (same size, same random lettering) booted up with everything else. :( ... The culprit is well hidden and regenerates itself ...
I did "file -k", "grep -ir" and most of the other things you guys suggested, but nothing showed up. I am now going through the "after-compromise" chapter as one of you suggested. I will run "sleuthkit" and report if anything is found. However, I am afraid a backup and re-installation is on the horizon for me ...... sigh ..... Can I make the "/etc/init.d" directory readable only with the contents thereof still executable ... untill I can properly back-up and install everything again? ... or maybe some other short term solution ... Thank You Danny -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150106195126.GA8038@fever.havannah.local
