Re: files in /var/tmp
On Mon, Apr 16, 2007 at 10:45:24AM -0400, Daniel B. wrote:
> Andrew M.A. Cater wrote:
> >On Sun, Apr 08, 2007 at 03:44:33PM -0700, Kamaraju Kusumanchi wrote:
> ...
> >>My system (Debian Etch) has been recently compromised and I deleted most
> >>of the suspicious files. However I am not sure about these. Is it safe to
> >>delete them or do you think some process expects them to be there?
> ...
> >Use Darik's Boot and Nuke to wipe the disk as thoroughly as you can.
> >Then re-install with Etch and clean media.
>
> Why would you need to erase the disk like that?
>
> (As long as you re-create the systems on the partitions, there's no
> way the unerased sectors from previous files (from the compromise,
> before the file-system re-creation) will be strung together to re-create
> the bad files, right?)
Why risk it?
Personally, I'd boot with grml and use wipe on the whole device.
Doug.
Reply to: