Re: /lib/security/.config

From: James Riden (s0197800@dai.ed.ac.uk)
Date: 03/13/02


From: James Riden <s0197800@dai.ed.ac.uk>
Date: 13 Mar 2002 16:55:48 +0000

Peter Eddy <petere@atg.com> writes:
> I will argue that by simply reformatting/reinstalling you've lost
> valuable knowledge of what crackers and their tools do and therefore
> make yourself more vulnerable to future attempts. I know this heterodoxy
> causes tempers to flare among well meaning security minded people, but
> the recommendation to simply reformat and reinstall often simply results
> in the machine returning to its original vulnerable state.

I haven't heard anyone argue for that; "reinstall and this time apply
security patches" is the usual advice. Keep a copy of the rootkit, etc.
by all means - I did last time I found one. Don't know if it proved
anything other than the particular cracker was too stupid to remove the
install script he used, but there you go. Honeynet does some
interesting work along those lines: http://project.honeynet.org/

cheers,
 Jamie

-- 
James Riden / james.riden@ed.ac.uk
MSc Student, Dept. of Informatics, University of Edinburgh.
My opinions are my own, not the University's.