Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Binary files damaged after attack on the server
Operating Systems Linux Binary files damaged after attack on the server Post 302825537 by alister on Monday 24th of June 2013 02:20:41 PM
Old 06-24-2013
To reiterate what Corona said, your machine is not trustworthy. Do not believe anything it says.

You cannot trust what ls says because ls itself may have been modified. Even if ls is trustworthy, if the kernel has been modified, then the stat system call that ls uses to obtain file metadata (which includes timestamps) cannot be trusted.

As an aside, your ls command is using modification times to identify compromised executables. Even if ls and the kernel can be trusted, mtimes can be trivially forged with privilege and a system call. While ctimes are not normally forgeable in that way, given root and malicious intent, metadata can be modified arbitrarily.

A short, classic essay on how trust can be abused, by Ken Thompson: ACM Classic: Reflections on Trusting Trust

Regards,
Alister
 

9 More Discussions You Might Find Interesting

1. Solaris

System damaged need help please

Hi there, i have sun solaris 10 running on X86 system P4 box with ATA harddisk, anyway suddenly its started to try to login to the maintenance mode asking for the root password when i give it its mount the partitions as read only but when i try to run fsck on them i got this error: can't stat... (3 Replies)
Discussion started by: XP_2600
3 Replies

2. Shell Programming and Scripting

search for files excluding binary files

Hi All, I need a solution on my following find command find ./.. -name '*.file' -print BTW This gives me the output as belows ./rtlsim/test/ADCONV0/infile/ad0_dagctst.file ./rtlsim/test/ADCONV0/user_command.file ./rtlsim/test/ADCONV0/simv.daidir/scsim.db.dir/scsim.db.file... (2 Replies)
Discussion started by: user_prady
2 Replies

3. Cybersecurity

what is the better way to protect my server from DDos Attack

heloo today i have DDos Attack in my server what is the better way to secure my server from DDos Attack i use CentOS 4&5 i try every firewall and talk to softlayer - iweb i've Tried every possible solutions but I can not find a solution to the problems Give Me The best way plzz (4 Replies)
Discussion started by: a7medo
4 Replies

4. UNIX for Dummies Questions & Answers

How do install binary located on another server

Hi, For an automated install, an install script runs locally on the machine being installed on. This "install script" has to install programs that are located on the install server. How can I script this?I (1 Reply)
Discussion started by: mojoman
1 Replies

5. AIX

Transferring files from one AIX server to another AIX server in binary mode

Hi, I am a newbie to AIX. We have 2 AIX5.3 servers in our environment, I need to transfer some files in Binary mode from one server to another and some files in ASCII mode from one server to another server. Could you please help me as to how I need to do that? Thanks, Rakesh (4 Replies)
Discussion started by: rakeshc.apps
4 Replies

6. Solaris

How to copy a binary from one server and paste it to another server?

How to copy a binary from one server and paste it to another server? Please help... On server A there is a binary with size 0...I need to copy a binary from server B and replace the 0 size binary on Server A. Kindly Help (3 Replies)
Discussion started by: Rahul466
3 Replies

7. Ubuntu

Problem in Postfix server/is my server got some attack

Hi Friends, This is logs of my mail log: mail for yahoo.com.tw is using up 4001 of 6992 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7018 active queue entries : 1 Time(s) mail for yahoo.com.tw is using up 4001 of 7072 active queue entries : 1 Time(s) ... (1 Reply)
Discussion started by: darakas
1 Replies

8. Shell Programming and Scripting

Shell script to copy a file from one server to anther server and execute the binary

Hi , Is there any script to copy a files (weblogic bianary + silent.xml ) from one server (linux) to another servers and then execute the copy file. We want to copy a file on multiple servers and run the installation. Thanks (1 Reply)
Discussion started by: Nawrajesh
1 Replies

9. What is on Your Mind?

Revive Ad Server MySQL Injection Attack

No rest for the weary, a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself "I will get around to upgrading to Revive 4.2.0 (supposedly the... (0 Replies)
Discussion started by: Neo
0 Replies

LEARN ABOUT LINUX

megaco_flex_scanner

megaco_flex_scanner(3erl)				     Erlang Module Definition					 megaco_flex_scanner(3erl)

NAME

       megaco_flex_scanner - Interface module to the flex scanner linked in driver.

DESCRIPTION

       This  module  contains the public interface to the flex scanner linked in driver. The flex scanner performs the scanning phase of text mes-
       sage decoding.

       The flex scanner is written using a tool called flex . In order to be able to compile the flex scanner driver, this tool has to	be  avail-
       able.

       By  default  the  flex  scanner reports line-number of an error. But it can be built without line-number reporting. Instead token number is
       used. This will speed up the scanning some 5-10%. Use --disable-megaco-flex-scanner-lineno when configuring the application.

       The scanner will, by default, be built as a reentrant scanner if the flex utility supports this (it depends on the version of flex). It	is
       possible  to explicitly disable this even when flex support this. Use --disable-megaco-reentrant-flex-scanner when configuring the applica-
       tion.

DATA TYPES

       megaco_ports() = term()
       megaco_version() = integer() >= 1

EXPORTS

       start() -> {ok, PortOrPorts} | {error, Reason}

	      Types  PortOrPorts = megaco_ports()
		     Reason = term()

	      This function is used to start the flex scanner. It locates the library and loads the linked in driver.

	      On a single core system or if it's a non-reentrant scanner, a single port is created. On a multi-core system with a reentrant  scan-
	      ner, several ports will be created (one for each scheduler).

	      Note that the process that calls this function must be permanent. If it dies, the port(s) will exit and the driver unload.

       stop(PortOrPorts) -> stopped

	      Types  PortOrPorts = megaco_ports()

	      This function is used to stop the flex scanner. It also unloads the driver.

       is_reentrant_enabled() -> Boolean

	      Types  Boolean = boolean()

	      Is the flex scanner reentrant or not.

       is_scanner_port(Port, PortOrPorts) -> Boolean

	      Types  Port = port()
		     PortOrPorts = megaco_ports()
		     Boolean = boolean()

	      Checks if a port is a flex scanner port or not (useful when if a port exits).

       scan(Binary, PortOrPorts) -> {ok, Tokens, Version, LatestLine} | {error, Reason, LatestLine}

	      Types  Binary = binary()
		     PortOrPorts = megaco_ports()
		     Tokens = list()
		     Version = megaco_version()
		     LatestLine = integer()
		     Reason = term()

	      Scans a megaco message and generates a token list to be passed on the parser.

Ericsson AB							   megaco 3.15.1					 megaco_flex_scanner(3erl)
All times are GMT -4. The time now is 10:55 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy