Re: unknown process
From: Peter Pentchev (firstname.lastname@example.org)
- Next message: Dag-Erling Smorgrav: "Re: unknown process"
- Previous message: Rasputin: "Re: unknown process"
- In reply to: Rasputin: "Re: unknown process"
- Next in thread: Dag-Erling Smorgrav: "Re: unknown process"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Apr 2001 12:54:27 +0300 From: Peter Pentchev <email@example.com> To: Rasputin <firstname.lastname@example.org>
On Thu, Apr 19, 2001 at 10:48:19AM +0100, Rasputin wrote:
> * Peter Pentchev <email@example.com> [010419 10:42]:
> > On Thu, Apr 19, 2001 at 11:31:26AM +0200, Dag-Erling Smorgrav wrote:
> > > "David G. Andersen" <firstname.lastname@example.org> writes:
> > > > You've been hacked. Do what Kris said immediately - take your
> > > > system offline, and figure out how they got in. You'll likely
> > > > need to either restore from backups, a fresh install, or check
> > > > your tripwire/etc logs to determine what else the intruder
> > > > changed, if they installed a rootkit, etc.
> > >
> > > It's not either/or. The only acceptable solution to this situation is
> > > a complete reinstall from a trusted source (e.g. original CD set).
> Just a though - do the cvs servers count as 'trusted'?
> How feasible would it be to cvsup and installworld?
> I'd personally go for reinstalling the compiler, cvsup binary,
> networking packages, etc from CD
> first - that probably wouldn't be enough, though, would it?
If you're doing this on the same machine, you should also watch out for
kernel modules, rc scripts and stuff.. I say a clean install, and then..
if the previous setup had been right.. all the additional programs and configs
should be easily rebuilt/restored from CVS or similar. As to the data,
and DATA ONLY, backups should be safe.
-- I am jealous of the first word in this sentence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message