I went to update a system today and found the GUI gone. Logged in at the root level and found framework disabled. When I go to install it I see the following error:
[Whoops\Exception\ErrorException]
unlink(/var/www/html/admin/views/config.php): Operation not permitted
When I run fwconsole chown I see
[root@WarnerRobinsOBGYN ~]# fwconsole chown
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
Setting base permissions...chmod: changing permissions of `/var/www/html/admin/views/config.php': Operation not permitted
chown: changing ownership of `/var/www/html/admin/views/config.php': Operation not permitted
Done
Setting specific permissions...
28316 [============================]
Finished setting permissions
This is not good, the spurious file is owned by root. Look for evidence of ssh login from unknown IPs in /var/log/secure. See if the Apache or Asterisk services are running as root (they should not be).
If you have a root compromise, i fear you are in restore from backup territory.