12-15-2007
Does anybody have a copy of the 'mount' binary which was on these systems? Even a copy from backup is fine. I honestly suspect a rootkit being involved in this issue as I have seen it before. Looks like a number of binaries are involved, mount being one of them (due to how early it is called during bootup).
If you do have a copy from these systems, I would recommend you examine the impacted systems from another good kernel and then look for the binaries. You should find the 'mount' binary, another mount binary with what looks like a hash string appended to the end of the name, and then another empty mount file with another hash appended to the name. This seems to be the indicator that the system truly is infected.
Please post the binary to this forum, or PM me if you can supply me with a copy for analysis. I am interested to know if this is the same exact MD5 hash I found or not. Would really like to identify this particular rootkit and get some signatures out there so other people can find it easier.
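A check for the file pattern described in the post above, as an added example that is not part of the original post. It assumes the suspect disk is mounted read-only under a path such as `/mnt/suspect` on a known-good system, and that the "hash string" is 16 or more hex characters after an optional separator; `scan_root` and its result fields are hypothetical names.

```python
import hashlib
import os
import re

# Assumption: the "hash string" is 16+ hex characters, optionally preceded by
# '.', '-' or '_'. The post does not give the exact format.
HASH_SUFFIX = r"[._-]?[0-9a-fA-F]{16,}"
BIN_DIRS = ("bin", "sbin", "usr/bin", "usr/sbin")

def md5_of(path):
    """MD5 of a file, read in chunks (MD5 is the hash the post compares)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def regular_file(path):  # symlinks are not followed
    return not os.path.islink(path) and os.path.isfile(path)

def scan_root(root, names=("mount",)):
    """Report binaries under root that have hash-suffixed siblings."""
    findings = []
    for rel in BIN_DIRS:
        directory = os.path.join(root, rel)
        # A symlinked bin dir (merged /usr) could point outside root: skip it.
        if os.path.islink(directory) or not os.path.isdir(directory):
            continue
        for name in names:
            pattern = re.compile(re.escape(name) + HASH_SUFFIX)
            siblings = []
            for entry in sorted(os.listdir(directory)):
                path = os.path.join(directory, entry)
                if pattern.fullmatch(entry) and regular_file(path):
                    size = os.path.getsize(path)
                    siblings.append({"path": path, "size": size,
                                     "md5": md5_of(path) if size else None})
            if not siblings:
                continue
            original = os.path.join(directory, name)
            present = regular_file(original)
            findings.append({
                "binary": original,
                "binary_md5": md5_of(original) if present else None,
                "siblings": siblings,
                # The post's indicator: original + non-empty copy + empty file.
                "full_pattern": present and {s["size"] > 0 for s in siblings} == {True, False},
            })
    return findings
```

Call `scan_root("/mnt/suspect")` and compare the reported MD5 values against a copy of `mount` from backup or from the distribution package; other early-boot binaries can be added through `names`.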