unsp...@hushmail.com writes

> > I know, but I am not sure how to clean the machine without
> > completely losing all the data.
>
> Allow me to correct your scope: "cleaning" the system is not an
> option (unless you have the skills, time and independent,
> autonomous ways to unambiguously verify the filesystem, data and
> backup integrity) and losing valuable data isn't your problem, or
> put differently: if the user gained access to the root account then
> basically all bets are off and *you don't know what she got
> already*.

What she reads is not an issue. The data is all a public read, with the exception of the stuff that would get somebody write access. I backed up /etc /root /var and /home and reinstalled the rest, copying back those four directories when I was done. /etc/inittab was affected by the shv4/shv5; I copied a clean copy from another box.

> For instance shell history might not show she transferred
> passwords off the system. And if systems are connected and
> passwords shared between accounts then not taking drastic measures
> now to contain the situation might even facilitate (easier)
> compromise of other systems.

I had 10 other systems broken into during the same attack. Afaik this was the only one the attacker set up a root kit on. She probably was not excited by the stuff she saw on the other boxes.

Thanks and cheers,

Thomas Krichel http://openlib.org/home/krichel
RePEc:per:1965-06-05:thomas_krichel
skype: thomaskrichel