System cracked, a story
Bill Horne
bill at billhorne.homelinux.org
Sun May 25 23:37:24 EDT 2003
On Sun, May 25, 2003 at 08:33:03PM -0400, Doug Sweetser wrote:
[snip]
> Last Sunday, someone with a root kit was able to replace my
> /etc/passwd file.
[snip]
> The intruder wasted my time, but no data was lost. If people have
> other ideas about stopping root kits, I'd like to know.
[snip]
I suggest a wipe of the HD, and a reinstall of the OS from known good media.
Once it's running the way you want, but BEFORE it's connected to the net,
install Tripwire.
HTH.
Bill Horne
More information about the Discuss
mailing list