Re: files in /var/tmp

To: debian-user@lists.debian.org
Subject: Re: files in /var/tmp
From: Douglas Allan Tutty <dtutty@porchlight.ca>
Date: Mon, 16 Apr 2007 11:19:50 -0400
Message-id: <[🔎] 20070416151950.GA8064@titan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 46238C04.30709@fgm.com>
References: <[🔎] 1176072273.461970510df3d@mail.bluebottle.com> <[🔎] 20070408230928.GA16241@galactic.demon.co.uk> <[🔎] 46238C04.30709@fgm.com>

On Mon, Apr 16, 2007 at 10:45:24AM -0400, Daniel B. wrote:
> Andrew M.A. Cater wrote:
> >On Sun, Apr 08, 2007 at 03:44:33PM -0700, Kamaraju Kusumanchi wrote:
> ...
> >>My system (Debian Etch) has been recently compromised and I deleted most 
> >>of the suspicious files. However I am not sure about these. Is it safe to 
> >>delete them or do you think some process expects them to be there?
> ...
> >Use Darik's Boot and Nuke to wipe the disk as thoroughly as you can. 
> >Then re-install with Etch and clean media.
> 
> Why would you need to erase the disk like that?
> 
> (As long as you re-create the systems on the partitions, there's no
> way the unerased sectors from previous files (from the compromise,
> before the file-system re-creation) will be strung together to re-create
> the bad files, right?)

Why risk it?

Personally, I'd boot with grml and use wipe on the whole device.

Doug.

Reply to:

Follow-Ups:
- Re: files in /var/tmp
  - From: John Hasler <jhasler@debian.org>

References:
- files in /var/tmp
  - From: Kamaraju Kusumanchi <kamaraju@bluebottle.com>
- Re: files in /var/tmp
  - From: amacater@galactic.demon.co.uk (Andrew M.A. Cater)
- Re: files in /var/tmp
  - From: "Daniel B." <REMOVEdanielCAPS@fgm.com>

Prev by Date: Re: Confusion between hde1 and hda1
Next by Date: Re: root level access for normal users
Previous by thread: Re: files in /var/tmp
Next by thread: Re: files in /var/tmp
Index(es):
- Date
- Thread