My client's server was hacked some time ago with the T0rnkit (rootkit).
The procedure to detect it was taken from this page.
I have 2 problems:
1 - The server is in a remote location and not easily accessible. If I really get into trouble I'll have to ask my host to send a technician to do some maintenance directly in front of the server (I do not have any physical access to it yet), and since I have no SLA it will probably cost money...
2 - I can't modify the /etc/rc.d/rc.sysinit file; I just get the following message:
"/etc/rc.d/rc.sysinit" Can't open file for writing"
Since the restore procedure (as described at the link above) begins with this (followed by a reboot), I'm not getting anywhere, and I've already tried chmod +r on it with no more success.
Do you have any ideas for avoiding physical access and doing everything through an SSH session? (I can reboot the server remotely with an APC device.)
Red Hat Linux release 7.2 (Enigma)
Thanks for your help