[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Found file in /dev: "h"
thank you for your answer. I have had a look to different things and found
in /boot/grub/ :
-rw-r--r-- 1 root root 103434 Feb 19 17:38 stage2
a file from Feb 19 and in /boot/
-rw-r--r-- 1 root root 512 Feb 19 14:24 backup_mbr
On Februar 15 I did install the server (SuSE 9.0) on new disks. In the
following days I have make many installations, but I have no documentation
about our activity on the 19th. But we had a mistake in grub/menu.lst
associated with a disk "hdX" (hde or hdc was mispelled as h0 or something
like this). May be, that the file "/dev/h" was created in this context by the
boot-process. May also be a result of a unsuccessful test with lilo by my
I did run chkrootkit and do some other checks. I cannot find a rootkit at all.
I think too, if a hacker had attack the server, he would eliminate ALL
entries in authd.log and message.log.
So I will be alert next time, watch tcp-connection and have a look for unknown
Hackers going on to make the internet unusable.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here