disappearing directories, answer

Bill Stevens (wstevens@siu.edu)
Fri, 20 Jul 2001 13:38:15 -0500


Regarding my earlier post:

"Recently created directories are not visible with any ls command either at
console, terminal, telnet session or ftp session. The filesystem is only
83% full (/export/home - slice 7)."

I moved another copy of /bin/ls from another host to my home dir on the
affected machine and then queried using /export/home/wstevens/ls. This
works fine, so my copy of ls is corrupt. Whether this is from a hack, I
don't know but I suspect so. (File length and date stamp looked okay, but
those can be doctored.)

I need to follow Charlie Fry's advice:

"Hate to say this, but I wonder if your ls has been hacked.
Sun has a good way to check, with signatures (checksums)
on their site at:

"http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl

"You have to download the MD5 exe, and run it on the ls
file.  Check the signature it returns in the Sun database.

"Hope you're ok,
Charlie"

As usual, Charlie's at the top of his game. If I find that it's a hack,
will replace the OS with 7 or 8 and might as well swap the 4 GB disk for a
40 GB in the process. Then TCP wrappers, which I keep meaning to get around
to. Why in tarnation don't Unix vendors build it in, like Linux? I'd have
all my NMR-type hosts restricting connections to *.siu.edu and my static IP
at home.

If I have a trojan horse ls that was designed to hide recently created
directories, any places YOU'D look for further mischief?

Bill


William C. Stevens, Ph.D.	Nuclear Magnetic Resonance Facility
Director			Southern Illinois University
				Carbondale, IL 62901-4405
618-453-6498 voice
618-453-6408 fax		wstevens@siu.edu
				http://opie.nmr.siu.edu
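
The cross-check described in the post (a trusted view of a directory compared against the suspect /bin/ls), as an added example that is not part of the original message: it lists a directory with the shell's own globbing, which never executes ls, and reports the names the suspect binary leaves out. The function names are hypothetical, and file names containing newlines are not handled.

```shell
#!/bin/sh
# Added example: cross-view check for an ls binary that hides entries.
# Assumption: the shell itself and sort/comm/grep are trustworthy; on a
# suspect host, run them from read-only media or a known-good copy.

# list_via_glob DIR: print every entry in DIR, one per line, using only
# shell pattern expansion (the shell reads the directory itself, no ls).
list_via_glob() {
    (
        cd "$1" || exit 1
        # Three patterns cover normal names, dotfiles, and names like "..x".
        for entry in * .[!.]* ..?*; do
            # An unmatched pattern stays literal; skip it unless it exists.
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            printf '%s\n' "$entry"
        done
    )
}

# hidden_entries LS_BINARY DIR: print names that exist in DIR but are
# missing from the output of LS_BINARY. Empty output means the views agree.
hidden_entries() {
    suspect_ls=$1
    dir=$2
    tmp=$(mktemp -d) || return 1
    # -a asks ls for everything; drop "." and ".." so both views line up.
    "$suspect_ls" -a "$dir" | grep -v -x -e '\.' -e '\.\.' \
        | LC_ALL=C sort > "$tmp/ls.out"
    list_via_glob "$dir" | LC_ALL=C sort > "$tmp/glob.out"
    # comm -13 keeps lines found only in the second file:
    # entries the glob sees that the suspect ls did not print.
    LC_ALL=C comm -13 "$tmp/ls.out" "$tmp/glob.out"
    rm -rf "$tmp"
}
```

Calling `hidden_entries /bin/ls /export/home` prints nothing when the two views agree. A kernel-level rootkit would hide entries from both views, so a clean result here does not clear the host.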