Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 6 Oct 2002 18:53:09 +0200
From:      Roman Neuhauser <neuhauser@bellavista.cz>
To:        xxavi@MyRealBox.com
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: floppy disk
Message-ID:  <20021006165309.GF51897@freepuppy.bellavista.cz>
In-Reply-To: <XFMail.20021005223240.xxavi@MyRealBox.com>
References:  <200210050714.g957EbuG091849@lurza.secnetix.de> <XFMail.20021005223240.xxavi@MyRealBox.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
# xxavi@MyRealBox.com / 2002-10-05 22:32:40 +0200:
> 
> On 05-Oct-2002 Oliver Fromme wrote:
> > Gary W. Swearingen <swear@attbi.com> wrote:
> >  > [huge quote]
> >  >> >> > grep: /etc/vfstab: No such file or directory
> >  > ...
> >  > 
> >  > Anyway, I just wanted to guess that "vfstab" means "Virtual FileSystem
> >  > TABle", which I think is an (optional?) feature of FreeBSD 5.0 (AKA
> > 
> > No.  /etc/vfstab is the filesystem table on several SysV-
> > derived UNIX systems, such as Solaris.  It does not exist
> > on FreeBSD.
> > 
> > Therefore it seems that the mount command on that machine
> > has been replaced by a script designed to run on a system
> > like Solaris.  Maybe some funny root-kit.
> > 
> > Not that I want to cause any concern ...  :-)
> > 
> > My advice would be to re-install the mount command.  Better
> > yet, find out whether the machine was compromised, and if
> > so, re-install the complete system.
> 
> How can i make to reinstal only that command (mount), whitout
> reinstaling all the SO?

    are you not concerned about the possibility that your box has been
    "hacked into"?

    anyway, check the output of:

    file `which mount`

    and if that says anything else than

    /sbin/mount: ELF 32-bit LSB executable, Intel 80386, version 1
    (FreeBSD), statically linked, stripped

    particularly if it says something similar to
    /sbin/mount: Bourne shell script text executable

    then you were compromised, and reinstalling /sbin/mount won't help
    you.

-- 
begin 666 nonexistent.vbs
FreeBSD 4.7-RC
6:46PM up 19 days, 2:01, 17 users, load averages: 0.13, 0.11, 0.08
end

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021006165309.GF51897>