OT: /var/run/.defunct

Michał Piotrowski mkkp4x4 at gmail.com
Thu Feb 24 16:28:21 UTC 2011


2011/2/24 Matthew D Truch <matt at truch.net>:
> Sorry for the mostly off-topic post, but google hasn't been my friend
> lately and I don't know where to turn.
> We've had a few machines (mostly non-Fedora machines) which seem to have
> a kind of rootkit installed on them, and write data to a file called
> /var/run/.defunct among other non-niceties.  Of course, we're going to
> wipe the machines in question but googling doesn't seem to provide us
> with any info and we'd like to make sure that whatever exploit got the
> system cracked in the first place is patched up this time around.

Without an investigation, which will show what was the object of
attack and what vulnerability was exploited you can not be sure
whether the newly installed system will not be exposed to this

>  Any
> ideas?
> --
> "299792458 m/s.  It's not just a good idea, It's the law."
> --------------------------
> Matthew Truch
> Department of Physics and Astronomy
> University of Pennsylvania
> matt at truch.net
> http://matt.truch.net/
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel

Best regards,


More information about the devel mailing list