> [mailto:[email protected]] On Behalf Of Torintino > T > > Suddenly i found an error while booting, it says: > > Fuck: can't open /dev/kmem for read/write (2)
On Thu, 29 Oct 2009, Danny Nicholas wrote: > You've been root-kit'ted. Go into recovery mode and restore your files. Any time you suspect that a box has been compromised the only solution is to pull the drives, replace them with fresh drives and install from the CD/DVD and your backups. What if the cracker munged your recovery mode to erase the drives or to plant itself back into your recovered system? You cannot trust any executable or script from the old drives. If you need data from the old drives, mount them as "non-boot" drives, copy the data and then label them as compromised and put them on the shelf until you know you don't need anything from them and then re-format. This assumes you aren't looking to go legal. Then you have to learn about "chain of custody" and preserving evidence. You should also examine every host on your network as well as any system that "trusts" this host. -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards [email protected] Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
