SLUG Mailing List Archives
Re: [SLUG] Help I got hacked!!
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Help I got hacked!!
- From: Andy Eager <eagera@xxxxxxxxxxxxxxx>
- Date: Mon Jul 2 19:18:01 2001
- User-agent: Mozilla/5.0 (X11; U; Linux 2.2.19-6.2.1 i686; en-US; 0.8.1) Gecko/20010421
Thanks for that lovely piece of information. I guess the key to the
whole thing is to have a reasonably quick and easy way of installing
from scratch without having to go through all the headaches associated
with a 'clean install'.
Fortunately I keep all data backed up, so that's not a problem but having
built the machine from scratch as a humble newbie only 6 months ago
(.... I couldn't even spell Linux...) I've got stuff like nfs, ntp,
named, samba etc, etc which all just 'evolved' over time.
Wouldn't a reasonable compromise be to do the following:
  verify each installed package: rpm -V -a
    (Now we know each package is OK)
  for each file in all directories except home, do: rpm -qif <filename>
    (If it doesn't belong to any package then warn user)
The problem I have is that it will probably take me days to rebuild (and
re-remember) everything I did over the past six months in terms of
administration. Then having done that, the same thing happens
again..... (because I still don't know how they got in)
( A desperate optimist who until now, believed that all people (even
hackers) were good )
Jeff Waugh wrote:
You *need* to take the machine offline, and rebuild or replace it. This is
the only safe way to deal with it (and not having it come back to bite your
arse next rainy day).
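The two-step check proposed in the message above (verify every package, then flag files that no package owns), written out as an added shell example; it is not code from the thread. The function names, the `--scan` switch and the `SKIP_DIR` variable are assumptions of this example, and it assumes it is run from trusted rescue media, because the rpm binary and package database on a compromised host may themselves have been altered.

```shell
#!/bin/sh
# Added example (not from the thread): package verification plus a sweep
# for files that belong to no package.
# Assumption: rpm and the package database come from trusted media.

# is_owned FILE: succeed if an installed package owns FILE.
# Kept as a function so another package manager's query can be swapped in.
is_owned() {
    rpm -qf "$1" >/dev/null 2>&1
}

# verify_packages: step 1. rpm -Va prints one line per file whose size,
# digest, mode, owner, etc. differs from the package database.
# Edited config files (marked "c") show up here legitimately.
verify_packages() {
    rpm -Va
}

# list_unowned DIR...: step 2. Print regular files under each DIR that no
# package owns. -xdev keeps find on one filesystem (skips /proc, NFS mounts),
# so pass every local mount point you want covered.
# SKIP_DIR (hypothetical variable, default /home) is pruned from the walk.
# Limitation: file names containing newlines are split by the read loop.
list_unowned() {
    for dir in "$@"; do
        find "$dir" -xdev -path "${SKIP_DIR:-/home}" -prune -o -type f -print 2>/dev/null |
        while IFS= read -r f; do
            is_owned "$f" || printf '%s\n' "$f"
        done
    done
}

# Only scan when asked to: ./check.sh --scan / /usr /var
if [ "${1:-}" = "--scan" ]; then
    shift
    [ "$#" -gt 0 ] || set -- /
    echo "== Files that differ from their package (rpm -Va) =="
    verify_packages || true   # non-zero exit just means differences were found
    echo "== Files owned by no package =="
    list_unowned "$@"
fi
```

A clean result from both steps only covers packaged files and stray files on disk; it says nothing about changed passwords, added accounts, cron entries inside existing files under `/var`, or a modified kernel in memory.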