[Techtalk] undeletable files

Walt pippin at freeshell.org
Tue Mar 26 16:01:43 EST 2002


At 04:55 PM 3/26/2002 +0000, Telsa wrote:
>I'm curious why you're not just nuking the whole thing and
>reinstalling. Is there stuff on there you can't afford to
>lose?

Ummm hrrm. I probably would do that except
that the server is offsite now which is making
maintenance and whatnot a real pain. And
actually, it's kind of the opposite with the files
it has: there's nothing super-important on it,
but I am not thrilled with having to go through
all the reinstalling mess either. User accounts,
preserving email, web pages, dns, fun fun. *Grrrr*

>On the second: I've heard you can make files undelete-able
>by using chattr on them. Looking at the man page, would
>chattr -i filename then rm work?

Making a note of this for some fairly extensive
work I have lined up for this evening....

Kai MacTane wrote:
>[files] altered by crackers include: ls, top, ps, w, who, and even syslogd.

I don't think ls was, because I could see the
files in /dev/.../bdos though ps may have been
and the intruder was definitely running his own
syslog daemon.

I've had this happen one other time and basically
what I did then was (since I'm running rhl) uninstall
and reinstall or upgrade every RPM on the system.

That is what I started to do this time but ran into
these wretched files that I can't delete.

Thanks for the chattr and lsattr tips Telsa (et al. :-)

Walt

-~

     A scientist deduces a relationship that fits the facts and
     calls it a theory;  an idealist suggests a relationship among
     facts and calls it a vision; an ideologue demands that you accept
     his conjectures without regard to the facts and calls them
     revealed truth.  A theory is sustained by experiment, an ideal
     by philosophy, and an ideology by a secret police.
                         Charles J.C. Lyall
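
The chattr/lsattr tip from this thread, as an added example that is not part of the original message: a filter over lsattr output that lists the files rm will refuse to delete because the immutable (i) or append-only (a) attribute is set. The function name flagged_files and the sample lines, including the attributes shown, are constructed for illustration.

```shell
#!/bin/sh
# Reads `lsattr` output ("<flags> <path>" per line) on stdin and prints
# "<reason><TAB><path>" for every file whose attributes block deletion.
flagged_files() {
    while IFS= read -r line; do
        flags=${line%% *}   # attribute field: text before the first space
        path=${line#* }     # remainder is the path (may contain spaces)
        # Skip blank lines, "dir:" headers from -R, and "lsattr: ..." errors:
        # a real attribute field holds only letters and dashes.
        case $flags in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        reason=
        # Matching is case-sensitive: lowercase i/a are the blocking flags,
        # uppercase A (no atime) and I (indexed dir) are unrelated.
        case $flags in *i*) reason=immutable ;; esac
        case $flags in *a*) reason=${reason:+$reason,}append-only ;; esac
        [ -n "$reason" ] && printf '%s\t%s\n' "$reason" "$path"
    done
    return 0
}

# Constructed sample input, so the script runs without touching a real disk.
SAMPLE='----i---------e---- /dev/.../bdos
--------------e---- /etc/passwd
-----a--------e---- /var/log/messages
lsattr: Operation not supported While reading flags on /dev/null'

printf '%s\n' "$SAMPLE" | flagged_files

# On a live system (as root), feed it real output instead, for example:
#   lsattr -Ra /dev /bin /sbin /usr/bin 2>&1 | flagged_files
```

Each path it reports needs chattr -i (or chattr -a for append-only) run as root before rm will succeed.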

