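Forensics 6. Rootkit revealed

  What gives it away: /dev/pts normally holds only pseudo-terminal device nodes, yet /dev/pts/01 is a directory of regular files and subdirectories, and every entry carries the same timestamp. Its backup/ subdirectory holds setgid copies of netstat and ps, an inetd.conf, and a setuid-root file named scheme.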

  foo% cd /dev/pts/01
  foo% ls -lRa
  total 64
  drwxr-xr-x    4 root     sys           90 Aug 29 14:17 .
  drwxr-xr-x    3 root     sys           60 Aug 29 14:17 ..
  -rwxr-xr-x    1 root     sys          356 Aug 29 14:17 README
  drwxr-xr-x    2 root     sys           70 Aug 29 14:17 backup
  -rwxr-xr-x    1 root     sys         4032 Aug 29 14:17 cleaner
  drwxr-xr-x    2 root     sys          132 Aug 29 14:17 etc
  -rwxr-xr-x    1 root     sys        16772 Aug 29 14:17 pg
  -rwxr-xr-x    1 root     sys         1323 Aug 29 14:17 tmp
  ./backup:
  total 544
  drwxr-xr-x    2 root     sys           70 Aug 29 14:17 .
  drwxr-xr-x    4 root     sys           90 Aug 29 14:17 ..
  -rw-r--r--    1 root     sys         4260 Aug 29 14:17 inetd.conf
  -r-xr-sr-x    1 root     sys       151152 Aug 29 14:17 netstat
  -rwxr-sr-x    1 root     sys        43632 Aug 29 14:17 ps
  -rwsr-xr-x    1 root     sys        69940 Aug 29 14:17 scheme