On Fri, Feb 25, 2011 at 7:30 PM, John Hasler
<jhasler@debian.org> wrote:
Andrei Popescu wrote:
> But there is no 100% way to tell the machine is clean, so you will
> have to wipe and reinstall anyway.
But if the machine is in fact clean you will have lost nothing but time.
Which is better: to know for sure that the Russian mafia got all your
customer records or suspect that they might have but have reason to
believe that that they probably didn't?
--
'nothing but time' - you know that businesses spend tons of money to get more 9s of uptime.
if a website grosses $500 an hour (for ads or for what they sell) and you wipe the box and reinstall, you might have lost $2k (if you're real good at setting up a web server). and if you use something from your previous install that has something you don't want, you've gained nothing. if you go and reinstall the backend db, you might have gained nothing as if you recreate the db with your old data that has an account you don't want or a trigger that does something you were trying to stop, you gained nothing.
remember, there is rarely a good reason to reboot a linux box and even less of a reason to reinstall.
imo, good logs, properly configured ids, services run in chroot, selinux, and properly configured f5 are better than wasting time for no good reason.