Re: Compromised system - still ok?
In article <20050207115234.GR8765@A-Eskwadraat.nl> you wrote:
> I co-administer a system with ~ 250 users, a significant part of them I
> don't know very well personally, and really, I don't rule out some of
> them might try to do some cracking, of, more likely, has such a shoddy
> password policy or infected windows system that their account will be
> used to.
> Should I now reinstall these systems daily?
Well, the problem is of course root compromise. However, on such a system,
break-ins are very likely and you better do checks regularly. This is to
protect your users.
> In both my case, and the thread starter's case, a normal user account
> might or was definitely in the hands of someone malicious. In both
> cases, no evidence whatsoever was there that there was even an attempt
> at becoming root.
Then a re-install might not be needed. At least if you can explain how the
user account could have been compromised.