Date: Thu, 23 Aug 2001 11:54:30 -0400
From: Stefanos Kiakas <stefanos@e-scape.net>
To: security@freebsd.org
Subject: Compromised system.
Message-ID: <200108231554.LAA96346@corp.e-scape.net>

Hello,
I was recently investigating a system that may
be compromised. The reason I say this is because of the
following entries in the output of the ps -ax command.
PID TT STAT TIME COMMAND
0 ?? DLs 0:04.35 (swapper)
1 ?? ILs 0:00.07 /sbin/init --
48474 ?? S 0:00.00 ./klogd
79612 ?? I 0:00.00 ./klogd
79613 ?? S 25:46.29 ./klogd
79623 ?? D 901:01.50 ./init 45 1103527590.log
And the /tmp directory contains 2 . entries with approximately
92M in the second one.
123# cd /tmp
123# ls -al
total 23
drwxrwxrwt 3 root wheel 512 Aug 23 16:39 .
drwxr-xr-x 2 root wheel 512 Aug 3 11:48 .
drwxr-xr-x 20 root wheel 512 Apr 4 04:46 ..
How do I access the second . directory to see what
is in it? I have tried everything I can think of but
I cannot list any of the contents.
Please cc me at stefanos@e-scape.net.
Thank you,
Stefanos Kiakas
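
Added example, not part of the original message: a directory cannot hold two entries with the same name, so the second "." in the listing must differ in bytes that ls does not display. This Python sketch reads entry names as raw bytes and prints them escaped; the names it creates are constructed samples, and which bytes the real entry contains is not known from the message.

```python
import os
import stat
import tempfile


def suspicious_reason(name: bytes):
    """Return why a raw entry name can render misleadingly, or None."""
    if any(b < 0x20 or b == 0x7F for b in name):
        return "control character"
    if name != name.strip(b" "):
        return "leading or trailing space"
    # os.listdir() never returns the real "." and "..", so a name made only
    # of dots and spaces is a separate entry that imitates them.
    if name.strip(b". ") == b"":
        return "only dots and spaces"
    return None


def audit_directory(path):
    """Return (escaped_name, kind, reason) for each misleading entry in path."""
    raw_path = os.fsencode(path)
    findings = []
    for name in sorted(os.listdir(raw_path)):  # bytes in, bytes out
        reason = suspicious_reason(name)
        if reason is None:
            continue
        # lstat: do not follow symlinks while examining a suspect tree
        st = os.lstat(os.path.join(raw_path, name))
        kind = "dir" if stat.S_ISDIR(st.st_mode) else "other"
        findings.append((repr(name), kind, reason))
    return findings


def demo():
    """Build a scratch directory with constructed look-alike names and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.fsencode(tmp)
        for name in (b". ", b".. ", b".\x08", b"normal"):  # constructed samples
            os.mkdir(os.path.join(base, name))
        return audit_directory(tmp)


if __name__ == "__main__":
    for escaped, kind, reason in demo():
        print(f"{escaped:12} {kind:6} {reason}")
```

The escaped form shows the exact bytes to quote when changing into or copying the directory for examination.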
