Solved

read only /bin

Posted on 2008-10-17
2
262 Views
Last Modified: 2013-12-06
Ok. I had a rootkit on a debian sarge.

it set /bin readonly so i cannot substitute infected binaries

how do i setattr /bin (and /sbin) other than formatting?
0
Comment
Question by:illu666
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
SirGeeks earned 125 total points
ID: 22743462
You could try running chattr -R -i /bin/* and see if that removes the immutable flag.
0
 

Author Closing Comment

by:illu666
ID: 31507188
it worked: i had to set the directory attributes too. (and give a "-a" too to overwrite infected files)

thank you!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question