Re: Linux and security
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 07/30/03
- Next message: Doug McComber: "Iptables problem"
- Previous message: Cameron L. Spitzer: "Re: Linux and security"
- In reply to: Cameron L. Spitzer: "Re: Linux and security"
- Next in thread: David: "Re: Linux and security"
Date: Wed, 30 Jul 2003 11:45:47 -0700
In article <slrnbig16k.rbk.spambait@truffula.sj.ca.us>,
Cameron L. Spitzer wrote:
>> you have a file called vmlinuz then you are infected. delete this file using
>> the command 'rm -f vmlinuz'
>
> None of my systems would care if /vmlinuz were removed.
> It's usually a symlink to the installation kernel, which isn't
Even if it were the actual kernel image, the mere act of unlinking it
does not affect the on-disk sectors, which are listed in the LILO map.
You can continue to boot an rm'ed vmlinuz until such time as the system
gets around to reusing those sectors.
> I leave it around to mislead intruders.
> Darn, now it's not a secret any more.
Haha. :) I employ numerous such measures. There's no sure way to defeat
an attacker with physical access to your machine (even disk encryption
can have weaknesses), but there's satisfaction in knowing that 1.) they
would have to hire someone who really DOES know something about
computers, and 2.) that someone would have to waste a lot of time
chasing wild geese. :)
-- /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net or put "not-spam" or "/dev/rob0" in Subject header to reply
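
An added illustration, not part of the original post: a toy model of the point made above, that a boot map records raw sector numbers and so outlives the directory entry until the freed sectors are reused. The ToyDisk class, its allocation policy and all names here are constructed assumptions; this is not LILO's actual map format or code.

```python
# Toy model (constructed for illustration): a disk is a list of sectors, a
# directory maps names to sector lists, and the boot map stores raw sector
# numbers, as the post describes for the LILO map.

class ToyDisk:
    def __init__(self, nsectors):
        self.sectors = [b""] * nsectors
        self.free = list(range(nsectors))   # free sector numbers, lowest first
        self.directory = {}                 # name -> list of sector numbers

    def write_file(self, name, chunks):
        """Allocate one sector per chunk and add a directory entry."""
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in chunks]
        for sector, chunk in zip(used, chunks):
            self.sectors[sector] = chunk
        self.directory[name] = used
        return used

    def unlink(self, name):
        """Drop the name and mark its sectors free; contents are not erased."""
        freed = self.directory.pop(name)
        self.free = sorted(self.free + freed)

def build_boot_map(disk, name):
    """What a map installer records: raw sector numbers, not the path."""
    return list(disk.directory[name])

def boot(disk, boot_map):
    """The loader reads sectors straight from the map, ignoring the directory."""
    return b"".join(disk.sectors[s] for s in boot_map)

def demo():
    disk = ToyDisk(8)
    disk.write_file("vmlinuz", [b"KERN", b"EL-I", b"MAGE"])
    boot_map = build_boot_map(disk, "vmlinuz")
    before = boot(disk, boot_map)
    disk.unlink("vmlinuz")                       # name gone, sectors intact
    after_unlink = boot(disk, boot_map)          # still the full kernel
    disk.write_file("junk", [b"XXXX", b"YYYY"])  # reuses the freed sectors
    after_reuse = boot(disk, boot_map)           # map now points at junk
    return before, after_unlink, after_reuse
```

For a defender the same property cuts both ways: a stale map can keep booting an image that no longer has a name on disk, so verifying what actually boots means checking the sectors the loader reads, not just the file listing.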