Solved

read only /bin

Posted on 2008-10-17
2
259 Views
Last Modified: 2013-12-06
Ok. I had a rootkit on a debian sarge.

it set /bin readonly so i cannot substitute infected binaries

how do i setattr /bin (and /sbin) other than formatting?
0
Comment
Question by:illu666
2 Comments
 
LVL 2

Accepted Solution

by:
SirGeeks earned 125 total points
ID: 22743462
You could try running chattr -R -i /bin/* and see if that removes the immutable flag.
0
 

Author Closing Comment

by:illu666
ID: 31507188
it worked: i had to set the directory attributes too. (and give a "-a" too to overwrite infected files)

thank you!
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
linux installs 6 60
Why isn't object file created? 6 59
wipe a usb using python 5 48
How to change the nameserver on Ubuntu Server 6 20
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question