Can anyone share their RedHat 9 /sbin/init file please?

[Kaveyhosting]

I got a server that got "hacked" and they put in a rootkit. I need a clean /sbin/init file to replace the one they left. If you can copy and paste yours or something that would be great. Thanks in advance.

[chirpy]

/sbin/init is part of the SysVinit rpm which you can get from any RH9 mirror and do an rpm force install.

That said, if you've suffered a root compromise you should not try to clean it up - your server as it stands can never be trusted again unless you remove the OS disk and send it off to forensic security specialists to clean as there could always be a backdoor lurking around. You should really backup your users data and perform an OS reinstall and then restore, fixing the security whole that you were compromised through. Better yet, upgrade to a supported OS, such as CentOs, since RH9 is now full of local root compromises, since it's been EOL for a year and a half now.

[Kaveyhosting]

/sbin/init is part of the SysVinit rpm which you can get from any RH9 mirror and do an rpm force install.

That said, if you've suffered a root compromise you should not try to clean it up - your server as it stands can never be trusted again unless you remove the OS disk and send it off to forensic security specialists to clean as there could always be a backdoor lurking around. You should really backup your users data and perform an OS reinstall and then restore, fixing the security whole that you were compromised through. Better yet, upgrade to a supported OS, such as CentOs, since RH9 is now full of local root compromises, since it's been EOL for a year and a half now.

Thanks for all of the help. Ill give that a shot.

This is a production server with over 300 accounts on it. I am waiting on a new server to be loaded... I have been up all night working on this server. At the moment I am just trying to clean it up the best I can to minimize or ideally eliminate downtime when I move all the accounts to the new server I am waiting on. The new one is CentOS... I got this box before I started using CentOS.

[chirpy]

To save you the search, this should work:

Code:

rpm -Uvh --force http://ftp.belnet.be/pub/mirror/ftp.redhat.com/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/SysVinit-2.84-13.i386.rpm