From: Chris Boyd (chris_d_b71 at domain yahoo.com)
Date: Thu 18 Oct 2001 - 10:31:58 IST
I was looking for rootkits and came across something
strange. Using RH 7.1
find / -name ".*" -print -xdev:
/usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/Image/Magick/.packlist
/lib/..
/root/.Xresources
then did a ls -la /lib:
total 8612
drwxr-xr-x 7 root root 4096 Sep 16
00:04 .
drwxr-xr-x 20 root root 4096 Oct 18
01:09 ..
-rw-r--r-- 1 root root 27 Sep 16
00:04 .. ???
lrwxrwxrwx 1 root root 14 Jul 10
05:01 cpp -> ../usr/bin/cpp
drwxr-xr-x 2 root root 4096 Jul 10
04:56 i686
drwxr-xr-x 2 root root 4096 Jul 10
04:59 iptables
drwxr-xr-x 7 root root 4096 Jul 10
04:57 kbd
then did cd /lib/ and then pressed TAB:
[root at domain leviathan /]# cd /lib/
.. ^H^H^H libmemusage.so
libpam.so.0
cpp libnsl-2.2.2.so
libpam.so.0.74
i686 libnsl.so.1
libpam_misc.a
iptables libnss1_compat-2.2.2.so
libpam_misc.so
kbd libnss1_compat.so.1
libpam_misc.so.0
ld-2.2.2.so libnss1_dns-2.2.2.so
libpam_misc.so.0.74
then ls -la /lib |grep ^H*
[root at domain leviathan /]# ls -la /lib/ |grep ^H*
total 8612
drwxr-xr-x 7 root root 4096 Sep 16
00:04 .
drwxr-xr-x 20 root root 4096 Oct 18
01:09 ..
-rw-r--r-- 1 root root 27 Sep 16
00:04 ..
lrwxrwxrwx 1 root root 14 Jul 10
05:01 cpp -> ../usr/bin/cpp
drwxr-xr-x 2 root root 4096 Jul 10
04:56 i686
drwxr-xr-x 2 root root 4096 Jul 10
04:59 iptables
drwxr-xr-x 7 root root 4096 Jul 10
04:57 kbd
-rwxr-xr-x 1 root root 471781 Apr 6
2001 ld-2.2.2.so
Can't figure out that's all about. It looks like a
dodgy directory but doesn't say that it's a dir or a
file.
Anyone know?
Thanks
C
=====
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.
Chris Boyd
Home: 353 1 671 9858
Cell: 353 87 955 9519
__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:12:48 GMT