
Re: Rootkit warning! (Was: Re: LS_COLORS error)



To mention the obvious: If you reinstall the same software with the same
configuration, you are also reinstalling the security flaw that let
someone install the rootkit in the first place. You should find out how the
rootkit was installed (for this, keeping a copy of the compromised
system can help).

Christophe

On Fri, Jun 06, 2003 at 02:15:56AM -0700, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Fri, Jun 06, 2003 at 10:22:03AM +0200, Nicos Gollan wrote:
> > Well, that depends on how much you'd trust the system when you just
> > removed the kit. I _think_ I got rid of it by deleting the files
> > mentioned in the small "analysis", and the machine at least seems to
> > behave normally since then.
> 
> Never mind that there could still be backdoors waiting.  The only way
> to secure a compromised box is reinstallation from scratch.  It's the
> weakest link until then.
> 
> - -- 
>  .''`.     Baloo Ursidae <baloo@ursine.ca>
> : :'  :    proud Debian admin and user
> `. `'`
>   `-  Debian - when you have better things to do than fix a system
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> 
> iD8DBQE+4FvMJ5vLSqVpK2kRAk3qAKCD/6ou3C6QwrUjVdClDIKaDfFR6QCgr0Hh
> pJFfcTMJV09j7/ADrL/mLb4=
> =OFpX
> -----END PGP SIGNATURE-----

-- 
Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

For those who know how to understand, few words suffice.
(Intelligenti pauca.) 


