Re: how to fix rootkit?
On Thu, 9 Feb 2012, Jason Fergus <email@example.com> wrote:
> Out of curiosity, couldn't one technically boot up a liveCD, mount the
> drive(s) and then download the .debs individually, then extract them
> over the mounted partitions, effectively copying over all of the
There is the possibility of SUID binaries not owned by packages and the issue
of configuration files which have malicious changes.
The best thing to do is to install all the same packages on a new system and
then run a "diff -r" on the /etc directory and determine which differences are
desired configuration changes and which might have been made by the attacker.
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
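
The two checks described in this message, as an added example that is not part of the original thread. It assumes the suspect disk is mounted from a live CD at one path and a fresh install with the same packages is available at another; the function names `unowned_suid` and `etc_changes` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumptions: the suspect disk
# is mounted read-only from a live CD, and a fresh install with the same
# package set is reachable as a second directory tree.

# unowned_suid SUSPECT_ROOT DPKG_INFO_DIR
# Print SUID/SGID files on the suspect tree that no package file list claims.
# DPKG_INFO_DIR should be the reference system's /var/lib/dpkg/info, because
# the package database on the compromised disk may itself have been altered.
unowned_suid() {
    suspect=$1
    info=$2
    owned=$(mktemp)
    found=$(mktemp)
    # Every path any installed package ships, one per line.
    cat "$info"/*.list 2>/dev/null | LC_ALL=C sort -u > "$owned"
    # Every SUID or SGID regular file, as a path relative to the suspect root.
    ( cd "$suspect" && find . -type f \( -perm -4000 -o -perm -2000 \) -print ) |
        sed 's|^\.||' | LC_ALL=C sort -u > "$found"
    # Lines present only in the second file: privileged files with no owner.
    LC_ALL=C comm -13 "$owned" "$found"
    rm -f "$owned" "$found"
}

# etc_changes SUSPECT_ROOT REFERENCE_ROOT
# Summarise which files under /etc differ from, or are missing on, the
# reference install. diff exits 1 when it finds differences; only its
# error status (2) is passed on as a failure.
etc_changes() {
    diff -rq "$2/etc" "$1/etc" || [ $? -eq 1 ]
}

# Typical use (paths are placeholders):
#   unowned_suid /mnt/suspect /mnt/reference/var/lib/dpkg/info
#   etc_changes  /mnt/suspect /mnt/reference
```

Each path reported by `etc_changes` still needs a full `diff` and a human decision about whether the change was intended.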