linux-users-group-of-davis
L U G O D
 
Page last updated:
2003 Aug 10 11:51

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] password stolen at linuxworld



Peter Jay Salzman said:
> ack.  i didn't mean to be an alarmist.  i didn't mean you're DEFINITELY
> hacked.  i meant you definitely want to be on the lookout.  debian has a
> package that looks for common rootkits.  also, pay attention to outside
> connections, log files, do a search for "..." and "pfloyd", and look in
> /dev.  black hat hackers love to hide files in /dev.


Some like to hide files in "hidden files" (prefixed with ".") and you may
even find some who hide files by using escape sequences common to vt100
and xterm that move the cursor back to the beginning of a line after
printing their names to hide them from display. Another technique is to
trojan "ls" to have it hide the files in a dir.

For the first, you should be able to:
$ ls | less
and less will expose control characters and escape them for you to see.

For the second, if there is no alias for "echo" and the shell has not been
trojaned (and probably other things I am not recalling) you can use
"echo" to display files (nonhidden) in a dir:
$ echo .*  *
(This just prints names, not details like date and lengths.)

The above is also useful if your box has been fork-bombed or there are too
many processes for an ls to be run. Why? echo is a shell built-in and does
not need to start another process.

HTH,
-ME


_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
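
The builtin-only listing from the post above, as an added example that is not part of the original message. It goes one step further than `echo .* *` by marking each control character in a name with `?`, so cursor-moving escape sequences cannot hide an entry. The function names `show_name` and `audit_names` are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit a directory's entry names using only shell builtins
# (glob expansion, case, printf, [), so it neither relies on the ls binary
# nor starts a new process.

# show_name NAME: set $shown to NAME with every control character
# (ESC, CR, backspace, ...) replaced by a visible "?".
show_name() {
    rest=$1
    shown=
    while [ -n "$rest" ]; do
        after=${rest#?}            # everything after the first character
        ch=${rest%"$after"}        # the first character itself
        case $ch in
            [[:cntrl:]]) shown="$shown?" ;;
            *)           shown="$shown$ch" ;;
        esac
        rest=$after
    done
}

# audit_names DIR: print "CONTROL <name>" for entries whose name contains a
# control character and "HIDDEN  <name>" for dot-prefixed entries.
# Ordinary names are not printed.
audit_names() {
    dir=${1:-.}
    for path in "$dir"/.* "$dir"/*; do
        name=${path##*/}
        case $name in .|..) continue ;; esac
        # An unmatched glob stays literal; skip it unless such a file exists.
        [ -e "$path" ] || [ -L "$path" ] || continue
        case $name in
            *[[:cntrl:]]*) show_name "$name"; printf 'CONTROL %s\n' "$shown" ;;
            .*)            printf 'HIDDEN  %s\n' "$name" ;;
        esac
    done
}

# Usage (directory chosen by the caller): audit_names /dev
```

As the post notes for `echo`, this only helps when the shell itself is trustworthy and the builtins have not been aliased.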


