Yuan Yijun (bbbush) wrote,
Yuan Yijun
bbbush

fedora: 我的系统被黑了

大概是昨天晚上的事情,因为那时就没办法运行 poweroff 了,强行关机的。

今天看到, net-tools 的几个文件被删了, SysVinit 的几个文件被删了, /var/log/messages 变成了一个目录,不用说内容也没了。

想想自己没什么有价值的东西,被黑和硬盘烧掉的感觉差不多。但是很不爽。不知道是因为什么,难道说我的软件太久不更新了?难道说我用的密码太简单?

用 chkrootkit 看了下,提示是
Checking `bindshell'... INFECTED (PORTS: 465)
可是这个是 exim 打开的端口,而且 rpm -V exim 没有提示什么变化。

然后 chkrootkit 提示
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2414 tty7 /usr/bin/Xorg :0 -br -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
但是这也正常,我猜是因为 ConsoleKit 的缘故。

不知道打开 SELinux 会不会看到更多。 :(

update:
决定了,等到 fedora 7 正式版出来之后再重装系统。还有一个月时间,这几天就是把 SELinux 改成强制,把 sshd 关掉而已。
Tags: fedora
Subscribe

  • 2020

    Last time I wrote a review was in 2018, about 2017. Or maybe I wrote something elsewhere, maybe on Twitter? It was hard to write something freely…

  • #thotcon badge?

    [root@m4700 ~]# esptool write_flash 0x00000 /home/yuan/tracking/thotcon0x9/tc0x9.bin esptool.py v2.3.1 Connecting.... Detecting chip type...…

  • Portfolio weighted averages

    Last week I got an assignment to make a small Java library for some often used portfolio calculations. A portfolio is a collection of holdings, each…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    switch
    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    Help
  • 0 comments