Date: 13 Sep 2001 12:08:27 -0400 From: Vivek Khera <khera@kcilink.com> To: questions@freebsd.org Subject: Re: What is ".nfsA09b24.4" doing in =?iso-8859-1?q?n=B4my?= /bin? Message-ID: <x7k7z3rs3o.fsf@onceler.kciLink.com> In-Reply-To: <EB513E68D3F5D41191CA00025558810150D6F5@mailserv.xpert.com> References: <EB513E68D3F5D41191CA00025558810150D6F5@mailserv.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The following message is a courtesy copy of an article that has been posted to ml.freebsd.questions as well. >>>>> "YB" == Yonatan Bokovza <Yonatan@xpert.com> writes: YB> Looks like a rootkit to me. Have you every used NFS before? These are files NFS uses to keep remotely open files available when they are deleted locally. This is necessary for the semantics of the open/unlink sequence in unix. Usually they are cleaned up, but depending on various things, these files may be left behind. If your NFS server lets you delete them, go ahead and do so; otherwise it will do so later. YB> Hadn't my HD died I could verify my concern, that YB> this is Open/FreeBSD rootkit I found somewhere else. YB> http://www.cert.org/security-improvement/modules/m06.html YB> or in short form: newfs, reinstall, restore backup. YB> Yonatan. >> -----Original Message----- >> From: Micke Josefsson [mailto:mj@isy.liu.se] >> Sent: Thursday, September 13, 2001 12:35 >> To: freebsd-questions@freebsd.org >> Subject: What is ".nfsA09b24.4" doing in n´my /bin? >> >> >> I recently found these files in /bin on an exported filesystem: >> >> -r-xr-sr-x 1 root kmem 32376 18 Jun 17:13 .nfsA6bcb4.4 >> -r-xr-xr-x 1 root wheel 279972 18 Jun 17:13 .nfsA6c834.4 >> -r-xr-xr-x 1 root wheel 164332 30 Maj 11:57 .nfsA76da4.4 >> >> What are they? Can I delete them? >> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?x7k7z3rs3o.fsf>