
BLU Discuss list archive



System cracked, a story



On Sunday 25 May 2003 11:37 pm, Bill Horne wrote:
> On Sun, May 25, 2003 at 08:33:03PM -0400, Doug Sweetser wrote:
> [snip]
>
> > Last Sunday, someone with a root kit was able to replace my
> > /etc/passwd file.
>
> [snip]
>
> > The intruder wasted my time, but no data was lost.  If people have
> > other ideas about stopping root kits, I'd like to know.
>
> [snip]
>
> I suggest a wipe of the HD, and a reinstall of the OS from known good
> media. Once it's running the way you want, but BEFORE it's connected to the
> net, install Tripwire.

Been there, done that, seconding Bill.

There is ABSOLUTELY no other way to ensure there are no back doors on your 
system.

Back up DATA AND CONFIG FILES ONLY, and even then eyeball the important ones.

Fresh install.

Restore data and config files.

Install Tripwire or some such tool.

Review your firewall rules.  Yes you need a firewall for dialup.

THEN connect it to the net.

----------------------------------------------------------------------------
DDDD   David Kramer         david at thekramers.net       http://thekramers.net
DK KD  "Always listen to the experts. 
DKK D  They'll tell you what can't be done and why.
DK KD  Then do it."
DDDD                                                         Robert Heinlein
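
Added example, not part of the original message: a minimal sketch of the kind of baseline-and-compare check a file integrity tool such as Tripwire performs, showing why the baseline has to be taken before the machine is connected. It is not Tripwire's code or database format; the function names, the sample tree and its file contents are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each file under root to (content id, permission bits, uid, gid)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                      # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                ident = "symlink:" + os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        h.update(chunk)
                ident = h.hexdigest()
            else:
                continue                             # skip devices, sockets, FIFOs
            rel = os.path.relpath(path, root)
            db[rel] = (ident, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return db

def compare(baseline, current):
    """Report paths added, removed, or changed (content, mode or owner)."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: baseline, simulated tampering, re-check."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        for name, text in [("passwd", "root:x:0:0:root:/root:/bin/bash\n"),
                           ("hosts", "127.0.0.1 localhost\n")]:
            with open(os.path.join(etc, name), "w") as f:
                f.write(text)
        baseline = snapshot(root)        # taken before the box goes online
        with open(os.path.join(etc, "passwd"), "w") as f:   # file replaced
            f.write("root:x:0:0:root:/root:/bin/bash\nextra:x:0:0::/:/bin/sh\n")
        with open(os.path.join(etc, "rc.extra"), "w") as f: # file dropped
            f.write("# unexpected\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A check like this is only as trustworthy as the baseline and the system running it: keep the baseline on read-only or offline media, and run the comparison from known-good media, since a compromised system can misreport file contents.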




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org