Re: breakin help
Kevin Mark wrote:
> There are no top secret things on my system, so full reinstall is not an
You have disk space and bandwidth - many times that's all an attacker wants.
> I also checked 'top' for any unexpected processes and there was none.of
> course if top,ps and the kernel were replaced, then maybe I wouldn't know
1) Boot from a live cd and chroot to your local system
2) Use debsums (preferably copied from the live CD) to verify the integrity
of the libraries and binaries in your installed packages
3) Reinstall packages whose binaries or libraries do not match
Of course, the attacker could have trojaned your local apt cache, debsums'
dependencies, apt-get/aptitude, dpkg, your startup scripts, etc.
Eventually it just becomes easier to back up your data and wipe and
reinstall the system then to try to fully verify that the system is secure.