If I back up the /etc/ssh/ folder, reinstall, and then copy the /etc/ssh/ folder back, will this be fine?
On 10/27/06, Jason Holt <[EMAIL PROTECTED]> wrote:
On Fri, 27 Oct 2006, Jonathan Ellis wrote:

> On Fri, 27 Oct 2006 13:54:07 -0600, "Daniel" <[EMAIL PROTECTED]> said:
>> There was a successful ssh attack on one of our boxes. We need to allow ssh
>> access to those outside the organization. The attacker put a homegrown
>> rootkit on the server. The rootkit was stopped, but since then ssh has been
>> logging to /var/log/messages. The relevant configuration files I know about
>> (/etc/ssh/sshd_config, /etc/ssh/ssh_config, /etc/syslog) are the same as a
>> server that works. /var/log/secure is not getting any messages. What can
>> I do to restore ssh to its previous state without reinstalling it?
>
> You should reinstall; if you had a rootkit installed, you have no idea
> what else is compromised.

Indeed. And if you don't believe us, ask Ken Thompson:

http://www.acm.org/classics/sep95/

(He came to a security talk I gave the other day. w00t!)

/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
