Re: breakin help

To: debian-user@lists.debian.org
Subject: Re: breakin help
From: Adam Aube <aaube01@baker.edu>
Date: Mon, 13 Sep 2004 22:06:05 -0400
Message-id: <[🔎] ci5jmc$4pu$1@sea.gmane.org>
References: <[🔎] 20040912061947.GA16235@debian.potter> <[🔎] ci1mfo$ui0$1@sea.gmane.org> <[🔎] 20040913062638.GE3656@debian.potter>

Kevin Mark wrote:

> There are no top secret things on my system, so full reinstall is not an
> urgency.

You have disk space and bandwidth - many times that's all an attacker wants.

> I also checked 'top' for any unexpected processes and there was none.of
> course if top,ps and the kernel were replaced, then maybe I wouldn't know

1) Boot from a live cd and chroot to your local system
2) Use debsums (preferably copied from the live CD) to verify the integrity
of the libraries and binaries in your installed packages
3) Reinstall packages whose binaries or libraries do not match

Of course, the attacker could have trojaned your local apt cache, debsums'
dependencies, apt-get/aptitude, dpkg, your startup scripts, etc.

Eventually it just becomes easier to back up your data and wipe and
reinstall the system then to try to fully verify that the system is secure.

Adam

Reply to:

Follow-Ups:
- Re: breakin help
  - From: Kevin Mark <kmark+debian-user@pipeline.com>

References:
- breakin help
  - From: Kevin Mark <kmark+debian-user@pipeline.com>
- Re: breakin help
  - From: Adam Aube <aaube01@baker.edu>
- Re: breakin help
  - From: Kevin Mark <kmark+debian-user@pipeline.com>

Prev by Date: vim syntax suddenly stopped
Next by Date: Re: vim syntax suddenly stopped
Previous by thread: Re: breakin help
Next by thread: Re: breakin help
Index(es):
- Date
- Thread