[NTLUG:Discuss] root can not edit hosts.deny file
Kenneth Loafman
ken at lt.com
Tue Jun 17 13:14:37 CDT 2003
m m wrote:
> Hi All:
>
> Thanks for the tip.
> I have checked all files in /var, /etc directories, the /etc/hosts.deny
> is the only file that was set to i.
> What is the possibility that the box has been "rooted"?
>
> What are the other files that hackers like to modify/change?
Look primarily in the executables directories:
/bin/*
/lib/*
/sbin/*
/usr/bin/*
/usr/lib/*
/usr/sbin/*
/usr/local/bin/*
/usr/local/lib/*
/usr/local/sbin/*
in particular:
ls
ps
find
top
gtop
or, any file that shows process state (to keep the task hidden)
or, any file that shows filesystem state (to keep the files hidden)
Some crackers have the tools to modify the RPM database so a comparison
between what they installed and what the database shows is the same. I
don't know about DEB.
...Ken
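
Added example, not part of the original message: since the reply notes that the RPM database itself may have been altered, this sketch checks the tools named above against a SHA-256 manifest kept off the machine instead of against the package database. The function names and the manifest file are hypothetical, and it assumes `sha256sum` is run from trusted media, because a copy on a compromised host can lie as well.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Tool names and directories are the ones listed in the message above.
WATCHED="ls ps find top gtop"
DIRS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin"

# make_baseline MANIFEST [DIR...]
# Record the SHA-256 of every watched tool found in the given directories
# (default: $DIRS). Run on a known-good install and store MANIFEST on
# read-only or offline media. MANIFEST is a hypothetical file name.
make_baseline() {
    manifest=$1; shift
    [ $# -gt 0 ] || set -- $DIRS
    : > "$manifest"
    for d in "$@"; do
        for name in $WATCHED; do
            if [ -f "$d/$name" ]; then
                sha256sum "$d/$name" >> "$manifest"
            fi
        done
    done
    return 0
}

# check_baseline MANIFEST
# Print one line per recorded tool that is now MISSING or CHANGED.
# Returns 0 when every file still matches its recorded hash, 1 otherwise.
check_baseline() {
    status=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            status=1
        else
            have=$(sha256sum "$path" | cut -d' ' -f1)
            if [ "$have" != "$want" ]; then
                echo "CHANGED $path"
                status=1
            fi
        fi
    done < "$1"
    return $status
}
```

A clean result only covers the files in the manifest; a kernel-level rootkit can still hide changes from any check run on the live system, so booting from rescue media before comparing is the stronger test.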