OT: /var/run/.defunct
Michał Piotrowski
mkkp4x4 at gmail.com
Thu Feb 24 16:28:21 UTC 2011
Hi,
2011/2/24 Matthew D Truch <matt at truch.net>:
> Sorry for the mostly off-topic post, but google hasn't been my friend
> lately and I don't know where to turn.
>
> We've had a few machines (mostly non-Fedora machines) which seem to have
> a kind of rootkit installed on them, and write data to a file called
> /var/run/.defunct among other non-niceties. Of course, we're going to
> wipe the machines in question but googling doesn't seem to provide us
> with any info and we'd like to make sure that whatever exploit got the
> system cracked in the first place is patched up this time around.
Without an investigation, which will show what was the object of
attack and what vulnerability was exploited you can not be sure
whether the newly installed system will not be exposed to this
vulnerability.
> Any
> ideas?
>
> --
> "299792458 m/s. It's not just a good idea, It's the law."
> --------------------------
> Matthew Truch
> Department of Physics and Astronomy
> University of Pennsylvania
> matt at truch.net
> http://matt.truch.net/
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
--
Best regards,
Michal
http://eventhorizon.pl/
More information about the devel
mailing list