>I don't agree. That's too much work! \8)
>If you run an RPM based distro you can recover from a compromise..
Ditto.
Usually trojans or backdoor kits are removed with a **clean copy** of rpm and your Red
Hat CD. Mount your CD on /mnt/cdrom, then cd /mnt/cdrom. Use

    RedHat/instimage/usr/bin/rpm -Uvh --force findutils-4.1-32.i386.rpm \
        sh-utils-2.0-1.i386.rpm fileutils-4.0-8.i386.rpm \
        binutils-2.9.1.0.23-6.i386.rpm net-tools-1.53-1.i386.rpm

to clean up the mess.
After the force re-install of the correct utilities and the cleanup of your rc.*
files, be sure to change your root password. A clean copy of 'ps' will also reveal a
daemon running that wasn't there before; kill it (it's the same one that you'll find
in /usr/sbin). Usually in your rc* scripts there would be
lines like /usr/sbin/in.inetd
> 4. upgrade all non-infected packages with the latest security upgrades.
True, check out sites like SANS, CERT, PACKETSTORM and the latest non-exploitable
versions of your services.
Check out LIDS (Linux Intrusion Detection System) if you want to
prevent future compromises; be wary though, it's a bit tricky with
some services you might have.
-- charles
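
The rc* check described above, as an added example that is not part of the original message: it lists every command path named in the given rc scripts and reports those that are missing or that no RPM package owns. RPM_BIN and the function names are assumptions of this example; point RPM_BIN at the clean rpm from the CD.

```shell
#!/bin/sh
# Added example: audit rc scripts for commands that no RPM package owns.
# RPM_BIN is an assumption of this example; set it to a trusted rpm binary,
# e.g. RPM_BIN=/mnt/cdrom/RedHat/instimage/usr/bin/rpm
RPM_BIN="${RPM_BIN:-rpm}"

# Print, one per line, every absolute path under /bin, /sbin, /usr/bin,
# /usr/sbin or /usr/local/{bin,sbin} named on a non-comment line of the
# given rc files.
rc_exec_paths() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -v '^[[:space:]]*#' "$f" |
            tr -cs 'A-Za-z0-9/._+-' '\n' |
            grep -E '^/(usr/|usr/local/)?s?bin/[^/]+$'
    done | sort -u
}

# For each path found, report "missing" if it is not on disk and
# "unowned" if "rpm -qf" cannot attribute it to an installed package.
unowned_rc_commands() {
    rc_exec_paths "$@" | while read -r p; do
        if [ ! -e "$p" ]; then
            echo "missing $p"
        elif ! "$RPM_BIN" -qf "$p" >/dev/null 2>&1; then
            echo "unowned $p"
        fi
    done
}

# Run as: sh rc-audit.sh /etc/rc.d/rc.local /etc/rc.d/rc.sysinit ...
[ "$#" -eq 0 ] || unowned_rc_commands "$@"
```

This only flags files that were added to the system; a binary that replaced a packaged one is still reported as owned, which is why the forced re-install comes first.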
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph