You read it correctly... I was looking to find "safe" files to copy over the bogus ones until I get a chance to back the data off and restore. The RPMs provided me with fresh copies of the files I was looking for.
I'm pretty sure I've firewalled the perpetrator out, so it's now just a matter of postmortem procedures before the restoration. I'm still not sure what service was exploited. I *though* my box was fairly tight, minus a good IDS and firewall solution. Which is my own fault anyway. <shrug> Thanks for the help gentlemen. :) -Mike On Sun, 2 Dec 2001, Roy A. Urick wrote: > I think what he was requesting was file sizes, dates and checksums of known > good files to compare to his? Or even known "safe" files to just copy over > the top of his. > > Thats how I read it. > > ----- Original Message ----- > From: "Taco Scargo" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, December 02, 2001 5:21 PM > Subject: Re: [cobalt-security] root kitted :( > > > > What you asked for is unchanges programs. By installing the RPMS (again) > you > > restore the original versions. That's what you wanted, didn't you ? > > > > Anyway, if I were you, I'd store my data somewhere safe and restore the > box. > > > > Taco _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
