From owner-freebsd-security Mon Jul 22 23:28:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2C2D37B400 for ; Mon, 22 Jul 2002 23:28:13 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 342D943E3B for ; Mon, 22 Jul 2002 23:28:13 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id AAA29019 for ; Tue, 23 Jul 2002 00:28:04 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020723002551.02245100@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 23 Jul 2002 00:27:58 -0600 To: security@FreeBSD.ORG From: Brett Glass Subject: "Text file busy" Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A FreeBSD server belonging to a client of mine has begun to report "Text file busy" in response to common commands. I can't see anything unusual on the surface, but am concerned that the server may have been compromised anyway (a rootkit could have been installed) and that this is a symptom. What mechanism generates this message? And does it suggest that the machine may have been rooted? --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message