From: Dag-Erling Smorgrav
To: Silvio Sosio
Subject: Re: Help: searching for su 225
Date: 14 Jan 1999 14:58:38 +0100
In-Reply-To: Silvio Sosio's message of "Thu, 14 Jan 1999 14:02:30 +0100"
Sender: owner-freebsd-questions@FreeBSD.ORG

Silvio Sosio writes:
> A hacker has attacked my server and removed the "su" command.
> I urgently need the binary. The FreeBSD version is 2.2.5; I've tried to
> use the version 2.2.6 but it doesn't work.

That is a very, very bad idea. You are advertising the fact that your
system has poor security, and asking people to send you binaries. The
probable outcome is that somebody will send you a trojan.

If your system has been cracked, the first rule is always to take it
offline. The next step is to secure evidence, either by doing a level
0 dump of all file systems or by leaving the system untouched until
you have time to analyze the attack.

If you can't get root, press Ctrl-Alt-Del on the console and bring the
system up in single-user mode.

(OBTW, su must be suid to work so you need to *be* root to install it.
Getting a binary won't help you.)

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no
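
The "level 0 dump of all file systems" step from the reply above, sketched as an added example that is not part of the original message: a dry-run planner that reads an fstab and prints one `dump -0af` command per UFS file system. The sample fstab is constructed, and the function names and the `/mnt/evidence` destination (assumed to be separate media, not the compromised disks) are hypothetical.

```sh
#!/bin/sh
# Added example: plan level 0 dumps for every UFS file system in an fstab.
# Dry run only: it prints the commands and changes nothing on the host.

# Constructed sample fstab (not taken from the original message).
SAMPLE_FSTAB='# Device   Mountpoint  FStype  Options  Dump  Pass#
/dev/wd0a   /           ufs     rw       1     1
/dev/wd0b   none        swap    sw       0     0
/dev/wd0s1e /var        ufs     rw       2     2
/dev/wd0s1f /usr        ufs     rw       2     2
proc        /proc       procfs  rw       0     0'

# plan_level0_dumps FSTAB_FILE DEST_DIR
# Prints one "dump -0af <image> <mountpoint>" line per ufs entry.
# DEST_DIR is an assumption: evidence media mounted from outside the host.
plan_level0_dumps() {
    fstab=$1
    dest=$2
    while read -r dev mnt fstype rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac   # skip blank lines and comments
        [ "$fstype" = ufs ] || continue          # swap, procfs etc. are not dumped
        # Turn the mount point into a file name: / -> root, /var -> var
        name=$(printf '%s' "$mnt" | sed -e 's|^/||' -e 's|/|_|g')
        [ -n "$name" ] || name=root
        # -0 = full (level 0) dump, -a = auto-size, -f = output file
        printf 'dump -0af %s/%s.dump0 %s\n' "$dest" "$name" "$mnt"
    done < "$fstab"
}

# Stand-alone run against the constructed sample.
demo_plan() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_FSTAB" > "$tmp"
    plan_level0_dumps "$tmp" /mnt/evidence
    rm -f "$tmp"
}

demo_plan
```

Review the printed commands before running them from single-user mode, so the images are taken while nothing else is writing to the disks.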