Unnamed sources report that Chuck Gadd said:
> tim hibbard wrote:
> >
> > Sorry about the hacker misconception. The media does have it pretty well
> > embedded. Thanxs for the info.
> >
> > Any way the cracker put the linux root kit on my server, and it has trojan
> > horses. Can anyone instruct me on how to rid my system of this.
>
> It really depends on what root kit was used. I had a server cracked using the
> rkunshadow root kit. Take a look thru the scripts that make up the root kit.
> In my case, I had to reinstall the following RPM files:

Unless you're using Tripwire or some such, I recommend a re-installation.
IMHO, it's too much work to verify the integrity of all the binaries on your
system, otherwise (in the absence of Tripwire, anyway, and, if a system has
been compromised, even Tripwire may be suspect).

> Here's a list of updates we made (assuming you're running Redhat):
> netkit-base-0.10-13.i386.rpm
> nfs-server-2.2beta29-7.i386.rpm
> nfs-server-clients-2.2beta29-7.i386.rpm
> passwd-0.50-11.i386.rpm
> rsh-0.10-4.i386.rpm
> sh-utils-1.16-14.i386.rpm
> util-linux-2.8-11.i386.rpm
--
Kurt Wall
Informix-Linux FAQ - http://www.xmission.com/~kwall/iolfaq/english/iolfaq.html
Spanish Version - http://www.xmission.com/~kwall/iolfaq/spanish/iolfaqsp.html
Romanian Version - http://www.xmission.com/~kwall/iolfaq/romanian/iolfaq.htm
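
The integrity check discussed in the reply above comes down to comparing the current files against a baseline recorded while the system was known good. The following Python is an added example, not part of the original thread and not Tripwire's own code or database format; the function names `snapshot`, `compare` and `demo` are hypothetical, and the directory tree is a constructed sample built in a temporary directory.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, permission bits, size)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root)
            result[rel] = (digest, stat.S_IMODE(st.st_mode), st.st_size)
    return result

def compare(baseline, current):
    """List paths that were added, removed, or changed in content or mode."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "content": sorted(p for p in both if baseline[p][0] != current[p][0]),
        "mode": sorted(p for p in both if baseline[p][1] != current[p][1]),
    }

def demo():
    """Constructed sample: a throwaway tree standing in for a system's /bin."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        login, ps = (os.path.join(root, "bin", n) for n in ("login", "ps"))
        for path, body in ((login, b"original login"), (ps, b"original ps")):
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, 0o755)
        baseline = snapshot(root)  # in practice: taken earlier, stored off-host
        with open(login, "wb") as fh:
            fh.write(b"replaced login")  # same size, different bytes
        os.chmod(ps, 0o777)  # permissions changed, content untouched
        with open(os.path.join(root, "bin", "extra"), "wb") as fh:
            fh.write(b"file not in baseline")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The comparison only means something when the baseline was recorded before the compromise and is read from media the intruder could not write to, and when the checker itself runs from trusted media.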