[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible comprommission, what to do ?

On Thu, 13 Nov 2014 09:57:48 +0100
Erwan David <erwan@rail.eu.org> wrote:

> 	I just got a call form police, that they have arrested a
> pirate who "tried" to connect to one of my (debian) servers. They tell
> me he is gifted, but since the policewoman I had one phone mixes
> server, web site and email address, it may not be completely accurate.
> However, I'd prefer be sure my server was not compromised, and at the
> lower possibe cost (in time and work). Is there a way to check the
> packages/installed files from outside sources (I may boot a fresh live
> system in order to have clean utilities), or even provoke a reinstall
> with a new download of the whole system ?

Have you run rkhunter (or similar) to check if a root-kit has been installed ?
              Behind every successful man there stands a woman,
                           telling him he is wrong.
                   -- http://www.olgiati-in-paraguay.org --

Reply to: