Re: My server catched a rootkit?
On 2010-11-28 at 12:14 -0500, Brad Alexander wrote:
(resending to the list)
> On Sun, Nov 28, 2010 at 7:22 AM, Camaleón wrote:
(...)
> > I'm not an expert in Linux computer forensics but your logs are
> > displaying scary information happening in your box. Secunia reports a
> > high impact on affected system ("security bypass, manipulation of data
> > and system access"):
> >
> > http://secunia.com/advisories/42052
> >
> > Maybe it is time to perform a clean install as Jochen suggested.
> Agreed. It's like viruses in the Windows world. As was once said, "nuke
> the site from orbit. It's the only way to be sure."
>
> You are likely to miss an attacker's back door (remember he may have
> many) if you try to "clean" the system. You *must* rebuild and secure
> along the way. Use the latest versions of the configs (you can
> probably back up /etc and other config directories -- but only use the
> old files for reference, don't put them in place en masse).
>
> Once complete, use nmap and nessus to scan the boxes, and only open
> ports that are needed.
>
> --b
Greetings,
--
Camaleón