[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compromised system - still ok?



In article <20050207115234.GR8765@A-Eskwadraat.nl> you wrote:
> I co-administer a system with ~ 250 users, a significant part of them I
> don't know very well personally, and really, I don't rule out some of
> them might try to do some cracking, of, more likely, has such a shoddy
> password policy or infected windows system that their account will be
> used to.
> 
> Should I now reinstall these systems daily?

Well, the problem is of course root compromise. However, on such a system,
break-ins are very likely and you better do checks regularly. This is to
protect your users.

> In both my case, and the thread starter's case, a normal user account
> might or was definitely in the hands of someone malicious. In both
> cases, no evidence whatsoever was there that there was even an attempt
> at becoming root.

Then a re-install might not be needed. At least if you can explain how the
user account could have been compromised.

Bernd



Reply to: