Re: Script to System Check Integrity against Debian Package Repository
Paul Wise:
> On Wed, Sep 18, 2013 at 9:36 AM, Török Edwin wrote:
>
>> Why not just reinstall from a trusted source, then restore /etc, /home and /var from backups
>> and audit the changes introduced by that only?
>
> That is a slightly short-sighted way to do it; if you restore from
> scratch without doing any forensics you won't know which methods your
> attackers used and how you can defend yourself from them after you
> have restored the system from scratch. Perhaps they will attack you
> again soon afterwards.
>
I didn't have that argument in mind, but I am happy to read it.
Reply to: