On 4/29/05, M.Rudra <dr.rudra@xxxxxxxxx> wrote: > On 4/27/05, Thomas Cameron <thomas.cameron@xxxxxxxxxxxxxxx> wrote: > > > something.) Also check in /tmp and /var. And any luck with the > > > .bash_history? (For both the users and for root....) > > > > Especially /var/tmp - that's a common place for rootkits to live. > > a doubt here , > > i checked /tmp and found > > srwxrwxrwx 1 wnn wnn 0 Apr 27 22:30 jd_sockV4 > why does this file (socket) have different owner and user, while all > others have either root or userabc. > > drwxrwxrwt 2 xfs xfs 4096 Apr 29 22:30 .font-unix > this hidden file also has different permission and different owner and > user, while others have either root or userabc. > > xfs and wnn ? are not users created by me so where did they come from ? xfs is the font server, do not know whay wnn is. Check /etc/passwd for the list of users for the system. N.Emile... -- Registered Linux User # 125653 (http://counter.li.org) Certified: 75% bastard, 42% of which is tard. http://www.thespark.com/bastardtest Now accepting personal mail for GMail invites.
