Re: Hacker on my system ?
- From: "Mike Lowery" <michael.j.lowery@xxxxxxxxxx>
- Date: Tue, 24 Oct 2006 21:04:15 GMT
"Chuck" <skilover_nospam@xxxxxxxxxxxxxx> wrote in message
news:qNt%g.5129$fA.704@xxxxxxxxxxx
Grant wrote:
On 24 Oct 2006 12:44:49 -0500, comphelp@xxxxxxxxx (Todd H.) wrote:
Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:
It is however also crucial that you scan the stuff you reinstall as well.This is a good anecdote as why reformating is a good first step before
When I was broken into I found files scattered all over the file system--
/tmp, /dev/, /home, ....
which were suid shells-- ie anyone knowing about them if they had any entry
at all onto the machine could simply run that program and be root.
Ie, scan all of the files you restore for suid
find / -perm +6000 -ls
check each one to see if it should be suid. su is fine. /tmp/banana
is not.
the reinstall.
I'd clear OS partition to zero, then reformat prior to install.
Grant.
Who's to say the format utility isn't compromised as well? I'd boot from
a CD-ROM (something non-writable) and do the format from there.
DBAN.
http://dban.sourceforge.net/
.
- Follow-Ups:
- Re: Hacker on my system ?
- From: Steven Mocking
- Re: Hacker on my system ?
- References:
- Hacker on my system ?
- From: sdonnet
- Re: Hacker on my system ?
- From: Todd H.
- Re: Hacker on my system ?
- From: sdonnet
- Re: Hacker on my system ?
- From: Todd H.
- Re: Hacker on my system ?
- From: Unruh
- Re: Hacker on my system ?
- From: Todd H.
- Re: Hacker on my system ?
- From: Grant
- Re: Hacker on my system ?
- From: Chuck
- Hacker on my system ?
- Prev by Date: Re: Hacker on my system ?
- Next by Date: Re: Hacker on my system ?
- Previous by thread: Re: Hacker on my system ?
- Next by thread: Re: Hacker on my system ?
- Index(es):
Relevant Pages
|
|
