Author |
Message |
trikmik n00b
Joined: 06 Nov 2017 Posts: 62
|
Posted: Sun Jan 21, 2018 9:36 pm Post subject: xt file in / |
|
|
I found a file in "/" named "xt".
When reading with nano, the file shows: ^B' ^t ^T^= P 1^O | ^[
I searched the www for this file and could not find anything. Does anyone know what the file does? |
|
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21624
|
Posted: Mon Jan 22, 2018 12:54 am Post subject: |
|
|
What is the output of od -tx1z -Ax /xt ; ls -l /xt? What programs were active around the time that the file was written? |
|
|
|
trikmik n00b
Joined: 06 Nov 2017 Posts: 62
|
Posted: Mon Jan 22, 2018 1:33 am Post subject: |
|
|
I moved the xt file into a different directory and renamed the xt file, in an effort to reproduce the file, without success.
So maybe the output of the command you suggested might be different.
Code: | # od -tx1z -Ax /xt ; ls -l /xt
000000 02 27 a7 fd 94 b4 d3 14 9f a5 50 ac 31 0f d9 a0 >.'........P.1...<
000010 b6 bd 7c fd 1b 0a >..|...<
000016
-rw-r--r-- 1 root root 22 Jan 22 01:59 /xt |
At the time the file was created in ~amd64 xfce 17.0 profile:
Because of gcc upgrade:
Flashed seabios into the chromebook using:
Code: | # curl -L -O https://mrchromebox.tech/firmware-util.sh
# bash firmware-util.sh |
Fixed clock skew:
Code: | # touch currtime
# find . -cnewer /currtime -exec touch {} \; |
Used the wrong command to unpack stage3-amd64-20180116T214503Z.tar.xz
then deleted everything in / when installing Gentoo first time on this machine, and unpacked successfully after.
Running Qemu Gentoo Client in background which was doing "emerge -e @world"
Had WireShark running.
Besides the actions noted above, I cannot recall any other programs that were active around the time the file was written.
*edit* I also set static arp with help from this link https://forums.gentoo.org/viewtopic-t-1075010-highlight-.html
and switched back and forth from wpa_supplicant / nm-applet |
|
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5934
|
|
|
|
trikmik n00b
Joined: 06 Nov 2017 Posts: 62
|
Posted: Mon Jan 22, 2018 2:02 am Post subject: |
|
|
I never used hardened profile on this system. |
|
|
|
trikmik n00b
Joined: 06 Nov 2017 Posts: 62
|
Posted: Mon Jan 22, 2018 4:11 am Post subject: |
|
|
I did have a power loss while doing emerge -e @world; however, I am not sure if that would cause the xt file in /.
Also, I had an emerge --sync failure due to a poor internet connection.
Maybe the file was a leftover from aborting the mrchromebox flash-utility download with curl?
Does the code of the xt file have an actual meaning or is it just random gibberish?
Code: | ^B' ^t ^T^= P 1^O | ^[ |
I guess all I can do right now is speculate, because I have no known facts. |
|
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Mon Jan 22, 2018 1:49 pm Post subject: |
|
|
Anything in history? If you ever become root, what about root's history? At least in every multi-person admin place I've been, random files are often "root droppings." Things left behind and forgotten about or not noticed, such as unintended redirection of output. _________________ Quis separabit? Quo animo? |
|
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Mon Jan 22, 2018 4:02 pm Post subject: |
|
|
or a bad script that assumes a variable is set when it's not
echo "${MYBAD}"/xt |
|
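What krinn describes above, as an added example that is not part of the thread: with MYBAD unset, "${MYBAD}"/xt expands to /xt, while ${MYBAD:?} or set -u makes the script stop instead. MYBAD is the name from the post; the function names and the sample directory are made up for the illustration.

```shell
#!/bin/sh
# Added illustration; MYBAD is the variable name from krinn's post, the
# function names are hypothetical.

# Weak form: an unset (or empty) MYBAD expands to nothing, so a path meant
# to be "$MYBAD/xt" silently becomes "/xt" in the filesystem root.
weak_path() {
    printf '%s\n' "${MYBAD}/xt"
}

# Hardened form 1: ${VAR:?message} aborts when VAR is unset or empty.
# The body runs in a subshell so the abort does not end the calling shell.
strict_path() (
    printf '%s\n' "${MYBAD:?MYBAD is not set}/xt"
) 2>/dev/null

# Hardened form 2: "set -u" turns every expansion of an unset variable into
# an error. Unlike :? it does not catch a variable that is set but empty.
nounset_path() (
    set -u
    printf '%s\n' "${MYBAD}/xt"
) 2>/dev/null

# Demonstration with the variable unset, then set to a constructed value.
unset MYBAD
echo "weak, unset:    $(weak_path)"
strict_path  || echo "strict, unset:  refused"
nounset_path || echo "nounset, unset: refused"
MYBAD=/var/tmp/job
echo "strict, set:    $(strict_path)"
unset MYBAD
```

A script run as root from any working directory writes such a path straight into /, which is why the :? form is worth putting on every variable that builds a file name.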
|
|
trikmik n00b
Joined: 06 Nov 2017 Posts: 62
|
Posted: Mon Jan 22, 2018 8:55 pm Post subject: |
|
|
pjp,
I just checked the root .bash_history and user .bash_history but could not find anything regarding the creation of the xt file.
krinn,
Is it possible that could happen during emerge -e @world?
I am sorry for this beginner question, however: because I cannot recall how the file got created in root, do I need to reinstall Gentoo for this reason?
I have seen people say they only install Gentoo once on a machine; does that mean they never got infected? Or does it mean there is no such thing as privacy on the internet?
Then again, I cannot state that the machine got compromised because of one single file that ended up in root; it might be just a bad script.. |
|
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Tue Jan 23, 2018 4:11 am Post subject: |
|
|
trikmik wrote: | Is it possible that could happen during emerge -e @world? |
No, else we would all have an /xt
Quote: | Because i can not recall how the file got created in root, do i need to reinstall Gentoo for this reason? |
LOL, then you will re-install a lot. The disk never forgets, but your memory is not that perfect; or you just made a mistake and weren't aware of the consequences of that mistake, or a script has done that for you, and you are not checking / every 2s to see if some xt file appears.
All you could do is answer: the file date is 22 Jan 22 01:59; what were you doing at that time? (And that's where you'll see your memory is not perfect.)
Quote: | i seen people say they only install Gentoo once on a machine, does that mean they never got infected? |
If your machine is not exposed, and you take care of what you download and run, you can stay safe for years. |
|
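Hu's and krinn's question, what was running when the file was written, can also be put to the filesystem instead of to memory. The following is an added example, not part of the thread: it lists the files changed within a few minutes of an unknown file such as /xt. It assumes GNU stat and find, and the function name is made up.

```shell
#!/bin/sh
# Added illustration, not from the thread. Needs GNU stat and GNU find
# (both standard on Gentoo). The function name "neighbours" is hypothetical.

# neighbours TARGET ROOT [WINDOW_SECONDS] [m|c]
# Lists regular files under ROOT (same filesystem only) whose mtime (m, the
# default) or ctime (c) lies within WINDOW_SECONDS of TARGET's. Each line
# shows mtime, ctime and path, sorted by mtime. mtime can be set to any
# value with touch; ctime is set by the kernel whenever the inode changes,
# so check both.
neighbours() {
    target=$1 root=$2 window=${3:-300} kind=${4:-m}
    case $kind in
        m) fmt=%Y ;;
        c) fmt=%Z ;;
        *) echo "kind must be m or c" >&2; return 2 ;;
    esac
    t=$(stat -c "$fmt" -- "$target") || return 1
    find "$root" -xdev -type f \
        "-newer${kind}t" "@$((t - window))" \
        ! "-newer${kind}t" "@$((t + window))" \
        -printf '%T+ %C+ %p\n' | sort
}

# Stand-alone use: sh neighbours.sh /xt / 600
if [ "$#" -ge 2 ]; then
    neighbours "$@"
fi
```

The mtime column deserves extra caution on the system in this thread, because the `find . -cnewer /currtime -exec touch {} \;` step quoted earlier resets the mtime of every file it matches. On Gentoo, `qfile /xt` additionally reports whether an installed package owns the path.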
|
|
|