[ILUG] /dev/tty
John P. Looney
john at antefacto.com
Thu Jan 31 21:13:32 GMT 2002
On Thu, Jan 31, 2002 at 08:48:01PM +0000, cnb at eircom.net mentioned:
> When looking for dodgy directories I came across this:
> crw-rw---- 1 root disk 12, 5 Mar 24 2001 tpqic24
> crw-rw-rw- 1 root root 5, 0 Mar 24 2001 tty
> -rw------- 1 root root 146882020 Jan 31 20:43 tty*
> crw--w---- 1 root root 4, 0 Mar 24 2001 tty0
> crw------- 1 root root 4, 1 Jan 30 20:59 tty1
> crw--w---- 1 root tty 4, 10 Mar 24 2001 tty10
> crw--w---- 1 root tty 4, 11 Mar 24 2001 tty11
> crw--w---- 1 root tty 4, 12 Mar 24 2001 tty12
> crw--w---- 1 root tty 4, 13 Mar 24 2001 tty13
> crw--w---- 1 root tty 4, 14 Mar 24 2001 tty14
> crw--w---- 1 root tty 4, 15 Mar 24 2001 tty15
> Just in case it is normal what looked odd to me was the 3rd line:
> -rw------- 1 root root 146882020 Jan 31 20:43 tty*
>
> The time seems to correspond on with the time that I ran the find command.
> Anybody know whats going on here or is this a rootkit of some kind?
Looks like someone just over wrote your tty file. Or deleted it. It
should look like;
crw-rw-rw- 1 root root 5, 0 Jan 31 21:06 /dev/tty
You can make that with;
rm -f /dev/tty
mknod /dev/tty 6 0 c
chmod 666 /dev/tty
Kate
--
_______________________________________
John Looney Chief Scientist
a n t e f a c t o t: +353 1 8586004
www.antefacto.com f: +353 1 8586014
More information about the ILUG
mailing list