Re: '(no
In linux.debian.security, you wrote:
> On Sat, 15 Sep 2001, Petro wrote:
>
>> If you believe that you've been hacked, fdisk and restore from
>> backup--if you are absolutely positive your backup is clean.
>> Otherwise rebuild from scratch.
>
> I can easily agree with the above, emphasizing the "if" clause on top of
> it. You do not want to wipe away your computer and spend a good amount of
> time rebuilding it unless you _believe_ it has been rooted. That's why you
> unplug it (to begin with) and carefully check the contents of its hard
> disk(s) using a known good system, possibly using another computer
> altogether to do the check.
>
> THEN you wipe the compromised system away and reinstall it...

"I can easily agree with the above, emphasizing the "if" clause". ;)

If you're good at hunting down r00tkits, and the server is not critical,
then yes. Besides, it's a good learning experience.

If you want the server back on-line ASAP, wipe and reinstall is usually
faster.

Dima
--
Well, lusers are technically human. -- Red Drag Diva