
Re: My server catched a rootkit?



On 2010-11-28 at 12:14 -0500, Brad Alexander wrote:

(resending to the list)

> On Sun, Nov 28, 2010 at 7:22 AM, Camaleón wrote:

(...)

> > I'm not an expert in Linux computer forensics but your logs are
> > displaying scary information happening in your box. Secunia reports a
> > high impact on affected system ("security bypass, manipulation of data
> > and system access"):
> >
> > http://secunia.com/advisories/42052
> >
> > Maybe it is time to perform a clean install as Jochen suggested.

> Agreed. It's like viruses in the Windows world. As was once said, "nuke
> the site from orbit. It's the only way to be sure."
> 
> You are likely to miss an attacker's back door (remember he may have
> many) if you try to "clean" the system. You *must* rebuild and secure
> along the way. Use the latest versions of the configs (you can
> probably back up /etc and other config directories -- but only use the
> old files for reference, don't put them in place en masse).
> 
> Once complete, use nmap and nessus to scan the boxes, and only open
> ports that are needed.
> 
> --b

Greetings,

-- 
Camaleón 

