[RndTbl] weird a.out in /var/log/httpd
athompso at athompso.net
Mon Jan 5 17:56:36 CST 2015
1) Run it on a 32-bit livecd
Otherwise, look at the elftools (or something like that) package to get more info about the binary.
Don't you run all your systems with selinux?
On January 5, 2015 5:33:35 PM CST, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>Uh oh. Finding an a.out in your /var/log/httpd doesn't instill
>a warm fuzzy feeling.
>I have ~ 4k a.out there dated Oct 12, which unfortunately is just past
>my logrotate cutoff now, so I can't check access.log (drat) without
>hitting the (hard to hit) backups.
>a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
>dynamically linked (uses shared libs), not stripped
>I fired up a live-cd linux with no disks or net attached to try to run
>it (I put it on a usb stick). But when I do *the shell* returns ENOENT
>and won't run. I tried ./a.out. I tried moving it to a fs that
>shouldn't be mounted noexec. I tried strace a.out and strace ./a.out
>and strace shows only the exec attempt and the error print and quit.
>Huh? How can I get this thing to run?
>Any way to see what it is doing? Disassemble? It is not stripped, so
>gdb? How can I step-run it from the start (ie nothing executes until I
>What else to do with this file?
>I'll see if I can dig up the access.log from that date and get more
Sent from my Android device with K-9 Mail. Please excuse my brevity.
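Added example, not part of the original messages: a static check in Python that reads the ELF class, machine and PT_INTERP loader path without executing the file. execve() returns ENOENT when the loader named in PT_INTERP does not exist, which is what a 32-bit dynamically linked binary hits on a system with no 32-bit loader installed. The function names and the sample bytes are constructed for illustration.

```python
import os
import struct
import sys

PT_INTERP = 3                                  # program header type: loader path
MACHINES = {3: "Intel 80386", 62: "x86-64"}    # small subset of e_machine values

def elf_triage(data):
    """Read class, machine and requested loader from ELF bytes; nothing is executed."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                        # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = LSB, 2 = MSB
    # after e_ident: type, machine, version, entry, phoff, shoff, flags,
    # ehsize, phentsize, phnum
    hdr = struct.unpack_from(end + ("HHIQQQIHHH" if is64 else "HHIIIIIHHH"), data, 16)
    machine, phoff, phentsize, phnum = hdr[1], hdr[4], hdr[8], hdr[9]
    interp = None                              # stays None for static binaries
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:                               # field order differs by class
            p_type, _, off, _, _, size = struct.unpack_from(end + "IIQQQQ", data, base)
        else:
            p_type, off, _, _, size = struct.unpack_from(end + "IIIII", data, base)
        if p_type == PT_INTERP:
            interp = data[off:off + size].rstrip(b"\0").decode()
    return {"bits": 64 if is64 else 32,
            "machine": MACHINES.get(machine, hex(machine)), "interp": interp}

def loader_missing(info, root="/"):
    """True if the requested loader is absent under root; execve() then gives ENOENT."""
    if info["interp"] is None:
        return False
    return not os.path.exists(os.path.join(root, info["interp"].lstrip("/")))

def sample_elf32():
    """Constructed i386 ELF header with one PT_INTERP entry (not the file from the thread)."""
    path = b"/lib/ld-linux.so.2\0"
    ehdr = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_INTERP, 84, 0, 0, len(path), len(path), 4, 1)
    return ehdr + phdr + path

if __name__ == "__main__":
    # Pass a path to inspect a real file; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf32()
    info = elf_triage(data)
    print(info, "loader missing:", loader_missing(info))
```

Run against a copy of the suspect file on an isolated analysis host; the script only reads bytes and checks whether the loader path exists.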