LUGOD: Linux Users' Group of Davis
Page last updated:
2010 Oct 23 18:11

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] find not found

On 10/23/2010 11:00 AM, Rod Roark wrote:
> A strange thing happened last night around 10:09 pm.  I had just rebooted
> my home server (running Ubuntu 10.04), and then started getting emails
> from cron jobs saying this:
> 
> /bin/sh: find: not found
> 
> Sure enough, /usr/bin/find did not exist.  Brought up the Synaptic
> package manager and learned that findutils was indeed installed, and
> that /usr/bin/find is one of the files that it installs.  Somehow this
> file had simply disappeared.
> 
> It seems that installing packages requires find, so I ended up copying
> it over from another machine running the same distribution.  Then I
> forced a reinstall of findutils and all was good.
> 
> Except I have no clue what happened.  Checking the logs did not
> turn up anything interesting.  Any ideas?

First, back up anything important.

It could of course be a strange typo while root, but I would also be
suspicious of a disk error.  Any hints from dmesg?  Maybe a hdparm -long
test would be indicated.

Another possibility is a hacked machine where they replace ps/find/ls
and friends to hide... although to be honest seems like 99% of such
attacks these days attack the kernel and hide that way.

The only way to be completely sure is install from trusted media, but
you could:
* boot from trusted media, figure out where all your disk space is
  being used.  Maybe run a rootkit detector or two (but in my
  experience they are useless).
* Nmap from a remote machine, make sure only the ports you expect
  are open.
* Make sure you are patched, of course.
* Monitor network traffic upstream (from a different machine/fw), even
  just monitoring your uplink light.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
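
One check that fits the "boot from trusted media" step above, as an added example that is not part of the original post: compare the files a package's dpkg manifest lists against the mounted disk, so a vanished /usr/bin/find shows up as MISSING and a replaced binary as MODIFIED. The function name and the mount-point argument are assumptions; the manifest itself sits on the suspect disk, so a clean result is weaker evidence than a mismatch.

```shell
#!/bin/sh
# Added example (not from the original post).
# Verify the files a Debian/Ubuntu package claims to own against the disk,
# reading everything from a root filesystem mounted under trusted media.
#
# Assumptions: ROOT is the mount point of the suspect root filesystem, and
# ROOT/var/lib/dpkg/info/PKG.md5sums holds lines of the form
#   <md5 hex>  <path relative to />
# Newer multiarch systems may name the file PKG:ARCH.md5sums instead.

verify_pkg_files() {
    root=$1
    pkg=$2
    manifest="$root/var/lib/dpkg/info/$pkg.md5sums"
    [ -r "$manifest" ] || { echo "NOMANIFEST $pkg"; return 2; }

    status=0
    while read -r want path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        file="$root/$path"
        if [ ! -e "$file" ]; then
            echo "MISSING /$path"           # listed by the package, gone from disk
            status=1
        else
            have=$(md5sum < "$file" | cut -d' ' -f1)
            if [ "$have" != "$want" ]; then
                echo "MODIFIED /$path"      # content differs from the manifest
                status=1
            fi
        fi
    done < "$manifest"
    return $status
}

# Stand-alone use: sh verify.sh /mnt/suspect findutils
if [ "$#" -ge 2 ]; then
    verify_pkg_files "$1" "$2"
fi
```

Exit status 0 means every listed file is present and matches, 1 means at least one MISSING or MODIFIED line was printed, and 2 means the package has no readable manifest under that root.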
