I sent this to Michael Boelen and he suggested I repost it here ...
We've just found an exploit on our machine thanks to rkhunter (thank you very much) and now I understand the way it was hidden what I'm suggesting here isn't needed for me. But maybe it would help other people starting off?
The suggestion is that when you say you've found hidden files enclose them in quotes so any spaces that are in there are visible.
We had a message saying inspect /sbin/.. which I did and couldn't see anything wrong. However of course it was '/sbin/.. ' and I didn't notice the space. However with the quotes (or maybe even a warning for this, or '. ' or other tricks stating there is a hidden space) I would have understood the problem quicker.
Anyway just a suggestion. Thanks again for the great tool
Log in to post a comment.