被黑了吗？

blackwhite · 发表于 2004-8-5 10:35:44

个人的desktop。一直在线。现在出现这个问题。
用chkrootkit检测，网卡是运行在混杂模式下。用lsattr -a /bin的目录，出现这个结果。

s-S-i-dAc---- ./.
suS-iadAcjI-- ./..
s-S-i-dAc---- ./dd
s-S-i-dAc---- ./cp
s-S-i-dAc---- ./df
s-S-i-dAc---- ./ed
s-S-i-dAc---- ./ex
s-S-i-dAc---- ./ln
s-S-i-dAc---- ./ls
s-S-i-dAc---- ./mt
s-S-i-dAc---- ./mv
s-S-i-dAc---- ./ps
s-S-i-dAc---- ./rm
s-S-i-dAc---- ./sh
s-S-i-dAc---- ./su
s-S-i-dAc---- ./vi
s-S-i-dAc---- ./ash
s-S-i-dAc---- ./awk
s-S-i-dAc---- ./cat
s-S-i-dAc---- ./bsh
s-S-i-dAc---- ./csh
s-S-i-dAc---- ./cut
s-S-i-dAc---- ./env
s-S-i-dAc---- ./pwd
s-S-i-dAc---- ./red
s-S-i-dAc---- ./sed
s-S-i-dAc---- ./rpm
s-S-i-dAc---- ./rvi
s-S-i-dAc---- ./tar
s-S-i-dAc---- ./bash
s-S-i-dAc---- ./arch
s-S-i-dAc---- ./date
s-S-i-dAc---- ./cpio
s-S-i-dAc---- ./echo
s-S-i-dAc---- ./gawk
s-S-i-dAc---- ./grep
s-S-i-dAc---- ./gtar
s-S-i-dAc---- ./gzip
s-S-i-dAc---- ./kill
s-S-i-dAc---- ./link
s-S-i-dAc---- ./mail
s-S-i-dAc---- ./more
s-S-i-dAc---- ./nice
s-S-i-dAc---- ./ping
s-S-i-dAc---- ./tcsh
s-S-i-dAc---- ./sort
s-S-i-dAc---- ./stty
s-S-i-dAc---- ./sync
s-S-i-dAc---- ./true
s-S-i-dAc---- ./view
s-S-i-dAc---- ./zcat
s-S-i-dAc---- ./unicode_stop
s-S-i-dAc---- ./bash2
s-S-i-dAc---- ./chgrp
s-S-i-dAc---- ./chmod
s-S-i-dAc---- ./chown
s-S-i-dAc---- ./dmesg
s-S-i-dAc---- ./egrep
s-S-i-dAc---- ./false
s-S-i-dAc---- ./fgrep
s-S-i-dAc---- ./igawk
s-S-i-dAc---- ./login
s-S-i-dAc---- ./mkdir
s-S-i-dAc---- ./mknod
s-S-i-dAc---- ./mount
s-S-i-dAc---- ./pgawk
s-S-i-dAc---- ./rmdir
s-S-i-dAc---- ./rview
s-S-i-dAc---- ./sleep
s-S-i-dAc---- ./touch
s-S-i-dAc---- ./uname
s-S-i-dAc---- ./kbd_mode
s-S-i-dAc---- ./setfont
s-S-i-dAc---- ./unicode_start
s-S-i-dAc---- ./domainname
s-S-i-dAc---- ./aumix-minimal
s-S-i-dAc---- ./doexec
s-S-i-dAc---- ./setserial
s-S-i-dAc---- ./gettext
s-S-i-dAc---- ./netstat
s-S-i-dAc---- ./gunzip
s-S-i-dAc---- ./ipcalc
s-S-i-dAc---- ./hostname
s-S-i-dAc---- ./nisdomainname
s-S-i-dAc---- ./mktemp
s-S-i-dAc---- ./dnsdomainname
s-S-i-dAc---- ./loadkeys
s-S-i-dAc---- ./ash.static
s-S-i-dAc---- ./umount
s-S-i-dAc---- ./unlink
s-S-i-dAc---- ./usleep
s-S-i-dAc---- ./ypdomainname
s-S-i-dAc---- ./basename
s-S-i-dAc---- ./dumpkeys

复制代码

另外一台机器上就不是这个样子的。

------------- ./.
------------- ./..
------------- ./dnsdomainname
------------- ./ping
------------- ./mktemp
------------- ./mount
------------- ./umount
------------- ./nisdomainname
------------- ./domainname
------------- ./hostname
------------- ./netstat
------------- ./cpio
------------- ./sh
------------- ./ypdomainname
------------- ./setserial
------------- ./bash
------------- ./bash2
------------- ./gawk
------------- ./ed
------------- ./red
------------- ./awk
------------- ./basename
------------- ./igawk
------------- ./pgawk
------------- ./egrep
------------- ./fgrep
------------- ./grep
------------- ./chgrp
------------- ./cat
------------- ./ash.static
------------- ./chmod
------------- ./chown
------------- ./cp
------------- ./cut
------------- ./date
------------- ./dd
------------- ./df
------------- ./echo
------------- ./env
------------- ./false
------------- ./link
------------- ./ln
------------- ./ls
------------- ./mkdir
------------- ./mknod
------------- ./mv
------------- ./nice
------------- ./pwd
------------- ./rm
------------- ./rmdir
------------- ./sleep
------------- ./sort
------------- ./stty
------------- ./su
------------- ./sync
------------- ./touch
------------- ./true
------------- ./uname
------------- ./unlink
------------- ./ash
------------- ./gunzip
------------- ./bsh
------------- ./dumpkeys
------------- ./gzip
------------- ./zcat
------------- ./ps
------------- ./rpm
------------- ./sed

复制代码

大家给点意见。自己认为是给黑了。这个机器基本上不开服务的，比较怪的事情。

		自动登录	找回密码
密码			注册