On Fri, 29 Apr 2005 17:27:58 -0400 "M.Rudra" <dr.rudra@xxxxxxxxx> wrote > On 4/27/05, Thomas Cameron <thomas.cameron@xxxxxxxxxxxxxxx> wrote: > > > something.) Also check in /tmp and /var. And any luck with the > > > .bash_history? (For both the users and for root....) > > > > Especially /var/tmp - that's a common place for rootkits to live. > > a doubt here , > > i checked /tmp and found > > srwxrwxrwx 1 wnn wnn 0 Apr 27 22:30 jd_sockV4 > why does this file (socket) have different owner and user, while all > others have either root or userabc. wnn is your input method's user. (That's the software that allows you to type in non-Latin script with more characters than fit on the keyboard.) > [...] -- Joel Rees <rees@xxxxxxxxxxx> digitcom, inc. 株式会社デジコム Kobe, Japan +81-78-672-8800 ** <http://www.ddcom.co.jp> **
