Results 1 to 9 of 9
Thread: Redhat question
-
03-14-2004, 01:36 PM #1WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
Redhat question
/bin/ls: unrecognized prefix: do
/bin/ls: unparsable value for LS_COLORS environment variable
I get this everytime I do an ls
The directory still lists, but that preceeds it.
Any idea what causes this? It just started the other day
-
03-14-2004, 01:45 PM #2Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
You are infected with the t0rn rootkit. I suggest hiring someone good with security that knows how to remove it or get a os reinstall. The os reinstall would be better
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
03-14-2004, 01:59 PM #3WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
ewwwww
really?
Anywhere I can find info on this?
-
03-14-2004, 02:04 PM #4Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
http://www.webhostingtalk.com/showth...hreadid=247248
http://www.webhostingtalk.com/showth...hreadid=247298
but be warned if you dont know what you are doing you might not get it allSteven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
03-14-2004, 02:35 PM #5WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
thanks for the info
-
03-14-2004, 03:35 PM #6WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
Checking `login'... INFECTED
Checking `pstree'... INFECTED
chkrootkit seems to come up clean except for these two files
I've followed the instructions in the other posts and removed all the crap. Any suggestions?
-
03-14-2004, 03:59 PM #7WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
as well, my syslog seems to be giving me grief
syslogd dead but pid file exists
klogd (pid 7839 6202 5986 3845 3145) is running...
-
03-14-2004, 04:18 PM #8WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
I can have my OS reloaded... what can I do to prevent this from happening again??
-
03-14-2004, 05:03 PM #9WHT Addict
- Join Date
- Jan 2004
- Posts
- 106
one last question while I'm at it
Is it safe to say that users home directories are safe to backup and restore when my os reload is complete?
I don't want to carry over any of this crap!