Date:      Tue, 1 Sep 1998 06:57:19 -0700 (PDT)
From:      Jim Mock <jim@phrantic.phear.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   questions
Message-ID:  <Pine.BSF.4.02A.9809010646140.8666-100000@phear.net>

Ok, I might be clueless and/or a complete moron, but I've got a few
questions about restoring files to the original/upgrading to a later
version.

Here's the deal.. I'm running 2.2.5-RELEASE, and recently the box has been
hacked.  I've managed to block out the attackers using ipfw and tcp
wrappers, but after reading some stuff on CERT's site, I started checking
the files on the machine in question with another machine and found some
differences.. here they are..

**** ls ****

[jim@phear]$ ls -la /bin/ls
-r-xr-xr-x  1 bin  bin  22987 Oct 21  1997 ls

[jim@hendrix]$ ls -la /bin/ls
-r-xr-xr-x  1 bin  bin  155648 Oct 21  1997 ls

**** lpd ****

[jim@phear]$ ls -la /usr/sbin/lpd
-r-xr-xr-x  1 bin  bin  8984 Aug  9 11:47 /usr/sbin/lpd

[jim@hendrix]$ ls -la /usr/sbin/lpd
-r-xr-xr-x  1 bin  bin  53248 Oct 21  1997 /usr/sbin/lpd

**** ps ****

[jim@phear]$ ls -la /bin/ps
-r-xr-sr-x  1 bin  kmem  31587 Oct 21  1997 /bin/ps

[jim@hendrix]$ ls -la /bin/ps
-r-xr-sr-x  1 bin  kmem  167936 Oct 21  1997 /bin/ps

My question is this.. a) how do I go about replacing those files with the
originals without reinstalling, and b) I've got other machines running the
same release and I was wondering if I could copy the files from the other
box and replace the ones in question.  I'm not sure if that'd work or not,
so I figured I'd ask.

I'd just reinstall to 2.2.7, but I have the box at an ISP in Portland that
I worked for, and I live in Australia now, so that's kind of a problem.
Any info would be greatly appreciated.

Thanks.

Jim

+---------------------------------------+ 
| Jim Mock | Phear.Net | KidzHaven	|
| Web Site Design & Hosting Services	|
| email - jim@phrantic.phear.net/	|
| www - http://www.phear.net/		|
| www - http://www.kidzhaven.com/	|
+---------------------------------------+
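
The comparison the message makes by eye with `ls -la`, written as an added example that is not part of the original e-mail: a sh script that records SHA-256 and size for a list of binaries and reports entries that differ from a known-good host's manifest. The function names, the manifest format and the temporary directory trees standing in for the two hosts are assumptions made for the example.

```sh
# Added example: compare system binaries on a suspect host against a
# known-good host of the same release by SHA-256 and size.
FILES="/bin/ls /usr/sbin/lpd /bin/ps /bin/cat"   # paths to check

# SHA-256 of one file: sha256sum (Linux), sha256 -q (FreeBSD), else openssl.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# make_manifest ROOT PATH...: print "path hash size" for each file under ROOT.
make_manifest() {
    root=$1; shift
    for p in "$@"; do
        if [ -f "$root$p" ]; then
            printf '%s %s %s\n' "$p" "$(hash_file "$root$p")" "$(wc -c < "$root$p" | tr -d ' ')"
        else
            printf '%s MISSING -\n' "$p"
        fi
    done
}

# compare_manifests GOOD SUSPECT: report suspect entries that differ from GOOD.
compare_manifests() {
    awk 'NR == FNR              { ref[$1] = $2 " " $3; next }
         !($1 in ref)           { print "UNKNOWN " $1; next }
         ref[$1] != ($2 " " $3) { print "MISMATCH " $1 }' "$1" "$2"
}

# Constructed sample: two directory trees stand in for the two hosts.
demo() {
    tmp=$(mktemp -d) || return 1
    for host in good suspect; do
        mkdir -p "$tmp/$host/bin" "$tmp/$host/usr/sbin"
        for p in $FILES; do printf 'stock %s\n' "$p" > "$tmp/$host$p"; done
    done
    for p in /bin/ls /usr/sbin/lpd /bin/ps; do   # same three files as in the post
        printf 'altered %s\n' "$p" > "$tmp/suspect$p"
    done
    make_manifest "$tmp/good" $FILES > "$tmp/good.manifest"
    make_manifest "$tmp/suspect" $FILES > "$tmp/suspect.manifest"
    compare_manifests "$tmp/good.manifest" "$tmp/suspect.manifest"
    rm -rf "$tmp"
}

demo
```

On real hosts, run `make_manifest "" $FILES` on each machine and compare the two manifests on the trusted one. A manifest produced with the suspect host's own binaries is only as trustworthy as those binaries, so run the hashing tool from a copy taken from the clean machine.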

