[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Found file in /dev: "h"



Hallo Dieter,
thank you for your answer. I have had a look to different things and found 
in /boot/grub/ :

-rw-r--r--    1 root     root       103434 Feb 19 17:38 stage2

a file from Feb 19 and in /boot/

-rw-r--r--    1 root     root          512 Feb 19 14:24 backup_mbr

On Februar 15 I did install the server (SuSE 9.0) on new disks. In the 
following days I have make many installations, but I have no documentation 
about our activity on the 19th. But we had a mistake in grub/menu.lst  
associated with a disk "hdX" (hde or hdc was mispelled as h0 or something 
like this). May be, that the file "/dev/h" was created in this context by the 
boot-process. May also be a result of a unsuccessful test with lilo by my 
trainee.

I did run chkrootkit and do some other checks. I cannot find a rootkit at all. 
I think too, if a hacker had attack the server, he would eliminate ALL 
entries in authd.log and message.log.

So I will be alert next time, watch tcp-connection and have a look for unknown 
rootkits.
Hackers going on to make the internet unusable.

Manfred



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here