Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

System cracked, a story

On Sunday 25 May 2003 11:37 pm, Bill Horne wrote:
> On Sun, May 25, 2003 at 08:33:03PM -0400, Doug Sweetser wrote:
> [snip]
> > Last Sunday, someone with a root kit was able to replace my
> > /etc/passwd file.
> [snip]
> > The intruder wasted my time, but no data was lost.  If people have
> > other ideas about stopping root kits, I'd like to know.
> [snip]
> I suggest a wipe of the HD, and a reinstall of the OS from known good
> media. Once it's running the way you want, but BEFORE it's connected to the
> net, install Tripwire.

Been there, done that, seconding Bill.

There is ABSOLUTELY no other way to ensure there are no back doors on your 

Back up DATA AND CONFIG FILES ONLY, and even then eyeball the important ones.

Fresh install.

Restore data and config files.

Install Tripwire or some such tool.

Review your firewall rules.  Yes you need a firewall for dialup.

THEN connect it to the net.

DDDD   David Kramer         david at
DK KD  "Always listen to the experts. 
DKK D  They'll tell you what can't be done and why.
DK KD  Then do it."
DDDD                                                         Robert Heinlein

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /