
Re: breakin help

Kevin Mark wrote:

> There are no top secret things on my system, so full reinstall is not an
> urgency.

You have disk space and bandwidth - many times that's all an attacker wants.

> I also checked 'top' for any unexpected processes and there was none. Of
> course if top, ps and the kernel were replaced, then maybe I wouldn't know

1) Boot from a live CD and chroot to your local system
2) Use debsums (preferably copied from the live CD) to verify the integrity
of the libraries and binaries in your installed packages
3) Reinstall packages whose binaries or libraries do not match

Of course, the attacker could have trojaned your local apt cache, debsums'
dependencies, apt-get/aptitude, dpkg, your startup scripts, etc.

Eventually it just becomes easier to back up your data and wipe and
reinstall the system than to try to fully verify that the system is secure.
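
Added example, not part of the original message: a sketch of steps 2 and 3 above that performs the same comparison debsums does, using md5sum and the other tools from the live CD against the installed system mounted read-only. The mount point /mnt/target and both function names are assumptions; the md5sums lists still come from the suspect disk, so a clean result is subject to the caveat in the message.

```shell
#!/bin/sh
# Run from the live CD with the installed system mounted read-only at a
# hypothetical mount point, e.g.:  mount -o ro /dev/sdXN /mnt/target
# md5sum, cut and sort are resolved from the live CD's PATH, not the target.

# verify_root ROOT: print "package<TAB>path" for every packaged file under
# ROOT that is missing or whose MD5 differs from the value recorded in
# ROOT/var/lib/dpkg/info/<package>.md5sums.
verify_root() {
    root=${1%/}
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -f "$list" ] || continue
        # Multiarch lists are named "pkg:arch.md5sums"; keep the qualifier.
        pkg=$(basename "$list" .md5sums)
        # Each line is "<md5>  <path relative to />".
        while read -r want path; do
            [ -n "$path" ] || continue
            if [ ! -f "$root/$path" ]; then
                printf '%s\t%s (missing)\n' "$pkg" "$path"
                continue
            fi
            have=$(md5sum < "$root/$path" | cut -d' ' -f1)
            [ "$have" = "$want" ] || printf '%s\t%s\n' "$pkg" "$path"
        done < "$list"
    done
}

# packages_to_reinstall ROOT: unique package names that need step 3.
packages_to_reinstall() {
    verify_root "$1" | cut -f1 | sort -u
}

# Usage: sh verify.sh /mnt/target
if [ "$#" -gt 0 ]; then
    packages_to_reinstall "$1"
fi
```

Packages that ship no md5sums list are not covered by this check.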

