
Re: Houston, I May Have a Problem (chkrootkit Results)



hi ya scarletdown

On Sat, 28 Aug 2004, Scarletdown wrote:

> I'm in the process of archiving and backing up my documents, images, 
> media, and other stuff I want to keep now, about 425MB worth of stuff.  

cool ... luckily ... the culprit didn't do anything worse to your machine

however, you should have already had backups ..

now that you know you probably have been cracked, it's too late to start
doing backups, and definitely do NOT overwrite any old backups since
they contain good backups and your current system ( backup you're doing
now ) is suspect and all you might be doing is saving their trojan
and restoring it again on your new install

---
we know you've been cracked ( evidenced by your chkroot )
with top, ps, etc being infected 

the serious problem is ... lest it occur again for the same reason ...
	- how did that happen ... why haven't other boxes been cracked
	- how did they get in
	- who got in ..
	- how long have they been in
	- what other machines have they cracked
	- why they got in.... well probably for fun in this case

	- on and on ..

	- and if the attacking site came from goes to *.gov server,
	then call the local fbi branch and chase down the attacker

- if you simply reinstall ... you have a high risk they will revisit
  and get back into your new box too

---

> Hopefully, I'll be back up and operational in a few hours.  As I had 
> done with my last reinstall, I will be doing Mepis again, since it 
> already has nVidia support.  My big question that I have been pondering 
> is, with an 80GB hard drive and a 13.6GB hard drive, what would be the 
> best partitioning scheme, instead of having just one big root partition 
> and a swap partition?

how much swap would be dictated by your apps
 
	- watch how much swap is used ... ( top -i ) when blender is
	running

	- if blender is using 128MB of swap, add that much more memory

- if the apps use up all of the system memory and run out of swap,
  it's highly likely the system randomly decides to reboot or worse
  start to eat itself, though it usually doesn't happen lately

- in your case, size of swap is not a trivial answer since you're running
  blender .. and we don't know how much resources your system is using
 	( 3D stuff is memory/disk intensive )


(my) recommended partitions ... for googletuple reasons ..
	/	- 256MB so you can get into single user to fix things
	/tmp	- 256MB so you or the cracker doesn't have much play room
	/var	- 512MB or the size of your package manager and apps
	/usr	- 4096MB for all the apps you install manually
	swap	- 2x physical memory was the old guideline when memory was
		  super-duper expensive and in the kB of total memory 
		  ( current swap size i use is a blind 512MB or so and if
		  all of swap is used, add more physical memory )
	/rest of disk

c ya
alvin


