On Wed, 11 Jun 2008, Mark Adams wrote:

> (I know there are security issues as there have been additional users
> created on my server and IRC junk was put in the home folder)

If the box has been compromised, the only recourse is to erase the drives and start over. You can't trust anything on the box.

Off the top of my head, this is how I would approach the problem.

1) Identify how the box was compromised. (A client box was recently (last 30 days) hacked. It was an old AAH installed by the client. The hacker used the default password on the admin account to exploit a buffer overflow in crond to gain root.)

2) Save any essential data -- and only the data, no executables.

3) Take the box off the Internet.

4) Boot DBAN and let it do its thing.

5) Install a minimal OS from CD/DVD.

6) Clean up after the install -- turn off services, delete users, delete packages, add packages, etc.

7) Bring up to current patch level from your private repository.

8) Expose the box to the Internet.

9) Cross your fingers and actively monitor the box.

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards      [EMAIL PROTECTED]      Voice: +1-760-468-3867 PST
Newline                                   Fax: +1-760-731-3000
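
Step 2 of the procedure above (save only the data, no executables), as an added example that is not part of the original message: a Python sketch that walks a directory and separates files to carry over from files to leave behind. The function names, the three heuristics (execute bit, ELF header, shebang line) and the sample files are assumptions of this example.

```python
import os
import pathlib
import stat
import tempfile

def executable_reason(path):
    """Return why a file should not be carried over, or None for plain data."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"  # file symlinks, devices, FIFOs, sockets
    if st.st_mode & 0o111:
        return "execute bit"
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == b"\x7fELF":
        return "ELF header"
    if head[:2] == b"#!":
        return "shebang"
    return None

def split_tree(root):
    """Walk root; return (keep, skip), where skip maps relative path to reason."""
    keep, skip = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reason = executable_reason(full)
            if reason is None:
                keep.append(rel)
            else:
                skip[rel] = reason
    return keep, skip

def demo():
    """Classify a small constructed tree (sample files, not from the message)."""
    samples = {
        "sip.conf": (b"[general]\n", 0o644),
        "voicemail/msg0001.txt": (b"hello\n", 0o644),
        "bot": (b"\x7fELF\x02\x01\x01\x00", 0o644),   # binary without exec bit
        "notes.txt": (b"#!/bin/sh\necho hi\n", 0o644),  # script named like data
        "cleanup.dat": (b"data\n", 0o755),             # data name, exec bit set
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mode) in samples.items():
            p = pathlib.Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(content)
            p.chmod(mode)
        return split_tree(root)
```

These three checks do not catch interpreted scripts without a shebang line or macros embedded in documents, so the `keep` list still needs a manual review before it is restored onto the rebuilt box.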
