LINUX.IE, website of the Irish Linux Users' Group

[ILUG] strange output

Fergal Daly fergal at esatclear.ie
Thu Oct 18 11:24:43 IST 2001


It looks like a file that someone has been trying to hide. The fact that
it's in a non-user-writable directory means it was put there by something
running as root, so I'd imagine you've been compromised at some stage.

You should be able to pass the file into other programs on the command line
with the help of tab completion. Try ls ..\ followed by a space and a tab;
hopefully the completion will figure out the other characters for you.

If you have been cracked, it's almost impossible to clean it up for sure
except by just reinstalling the whole OS.

Fergal

On Thu, Oct 18, 2001 at 02:31:55AM -0700, Chris Boyd wrote:
> I was looking for rootkits and came across something
> strange. Using RH 7.1
> 
> find / -name ".*" -print -xdev: 
> 
> /usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/Image/Magick/.packlist
> /lib/..
> /root/.Xresources
> 
> then did a ls -la /lib:
> 
> total 8612
> drwxr-xr-x    7 root     root         4096 Sep 16 00:04 .
> drwxr-xr-x   20 root     root         4096 Oct 18 01:09 ..
> -rw-r--r--    1 root     root           27 Sep 16 00:04 ..   ???
> lrwxrwxrwx    1 root     root           14 Jul 10 05:01 cpp -> ../usr/bin/cpp
> drwxr-xr-x    2 root     root         4096 Jul 10 04:56 i686
> drwxr-xr-x    2 root     root         4096 Jul 10 04:59 iptables
> drwxr-xr-x    7 root     root         4096 Jul 10 04:57 kbd
> 
> 
> then did cd /lib/ and then pressed TAB:
> 
> [root at leviathan /]# cd /lib/
> ..   ^H^H^H               libmemusage.so           libpam.so.0
> cpp                       libnsl-2.2.2.so          libpam.so.0.74
> i686                      libnsl.so.1              libpam_misc.a
> iptables                  libnss1_compat-2.2.2.so  libpam_misc.so
> kbd                       libnss1_compat.so.1      libpam_misc.so.0
> ld-2.2.2.so               libnss1_dns-2.2.2.so     libpam_misc.so.0.74
> 
> then ls -la /lib |grep ^H* 
> 
> [root at leviathan /]# ls -la /lib/ |grep ^H*
> total 8612
> drwxr-xr-x    7 root     root         4096 Sep 16 00:04 .
> drwxr-xr-x   20 root     root         4096 Oct 18 01:09 ..
> -rw-r--r--    1 root     root           27 Sep 16 00:04 ..
> lrwxrwxrwx    1 root     root           14 Jul 10 05:01 cpp -> ../usr/bin/cpp
> drwxr-xr-x    2 root     root         4096 Jul 10 04:56 i686
> drwxr-xr-x    2 root     root         4096 Jul 10 04:59 iptables
> drwxr-xr-x    7 root     root         4096 Jul 10 04:57 kbd
> -rwxr-xr-x    1 root     root       471781 Apr  6 2001 ld-2.2.2.so
> 
> Can't figure out what that's all about. It looks like a
> dodgy directory but doesn't say that it's a dir or a
> file. 
> Anyone know?
> 
> Thanks 
> 
> C
> 

-- 
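
The thread turns on a /lib entry whose name starts with ".." and continues with bytes that ls and the terminal do not show plainly. The following Python script is an added example, not part of the original messages: it walks a tree the way find -xdev does and reports names carrying control characters or padding, printing every byte escaped. The function names and the three heuristics are this example's own assumptions.

```python
import os
import stat
import sys


def classify(name: bytes) -> list:
    """Return the reasons a raw directory-entry name looks disguised."""
    reasons = []
    if any(b < 0x20 or b == 0x7F for b in name):
        reasons.append("control characters")
    if name != name.strip(b" \t"):
        reasons.append("leading/trailing whitespace")
    # scandir() never returns the real "." and "..", so a name that reduces
    # to one of them once padding and control bytes are dropped is an impostor.
    visible = bytes(b for b in name if b > 0x20 and b != 0x7F)
    if visible in (b".", b".."):
        reasons.append("imitates '.' or '..'")
    return reasons


def scan(root, one_filesystem=True):
    """Walk root without following symlinks; return [(path, reasons), ...]."""
    root = os.fsencode(root)          # bytes paths keep odd names intact
    root_dev = os.lstat(root).st_dev
    findings, stack = [], [root]
    while stack:
        try:
            with os.scandir(stack.pop()) as it:
                entries = list(it)
        except OSError:               # unreadable directory: skip it
            continue
        for entry in entries:
            reasons = classify(entry.name)
            if reasons:
                findings.append((entry.path, reasons))
            try:
                st = entry.stat(follow_symlinks=False)
            except OSError:
                continue
            same_fs = st.st_dev == root_dev or not one_filesystem
            if stat.S_ISDIR(st.st_mode) and same_fs:   # like find -xdev
                stack.append(entry.path)
    return findings


if __name__ == "__main__":
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "/lib"):
        # repr() prints control bytes as escapes instead of sending them raw
        print(f"{path!r}: {', '.join(reasons)}")
```

On a host that may already be compromised, run it from known-good media against the mounted disk, since the installed interpreter and libraries cannot be trusted either.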



