Re: Hacker on my system ?
- From: Grant <g_r_a_n_t_@xxxxxxxxxxx>
- Date: Wed, 25 Oct 2006 05:01:51 +1000
On 24 Oct 2006 12:44:49 -0500, comphelp@xxxxxxxxx (Todd H.) wrote:
> Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:
> > It is however also crucial that you scan the stuff you reinstall as well.
> > When I was broken into I found files scattered all over the file system--
> > /tmp, /dev/, /home, ....
> > which were suid shells-- i.e. anyone knowing about them, if they had any entry
> > at all onto the machine, could simply run that program and be root.
> > I.e., scan all of the files you restore for suid
> > find / -perm /6000 -ls
> > check each one to see if it should be suid. su is fine. /tmp/banana
> > is not.
> This is a good anecdote as to why reformatting is a good first step before
> the reinstall.

I'd clear OS partition to zero, then reformat prior to install.
Grant.
--
http://bugsplatter.mine.nu/
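
The check described in the quoted text above, as an added example that is not part of the original thread: it audits a restored tree before the files go back onto the system and reports only the set-uid/set-gid regular files missing from a reviewed allowlist. The function names, the staging directory layout and the allowlist file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag set-uid/set-gid regular files in
# a restored tree that are not on a reviewed allowlist.

# audit_setid ROOT ALLOWLIST
#   ROOT      directory where the restored files are staged
#   ALLOWLIST file listing expected set-id paths, one per line, written as
#             they will appear on the live system (e.g. /bin/su)
# Prints unexpected paths; returns 1 if any, 0 if none, 2 on bad arguments.
# Limitation: file names containing newlines are not handled.
audit_setid() {
    root=$1; allow=$2
    [ -d "$root" ] && [ -r "$allow" ] || {
        echo "usage: audit_setid ROOT ALLOWLIST" >&2; return 2; }
    # -perm -4000 / -perm -2000 test the set-uid and set-gid bits portably.
    found=$( (cd "$root" &&
              find . -type f \( -perm -4000 -o -perm -2000 \) -print) |
             sed 's|^\.||' | sort | grep -vxF -f "$allow" || true)
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# demo: build a constructed tree with one expected and one planted set-uid
# file, then audit it. All names below are sample data.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/root/bin" "$t/root/tmp" "$t/root/home/user"
    for f in bin/su tmp/banana home/user/notes.txt; do : > "$t/root/$f"; done
    chmod 4755 "$t/root/bin/su" "$t/root/tmp/banana"
    printf '/bin/su\n' > "$t/allow.txt"
    rc=0
    audit_setid "$t/root" "$t/allow.txt" || rc=$?
    rm -rf "$t"
    return "$rc"
}

# Run the demo only when invoked as: sh script.sh demo
[ "${1:-}" != demo ] || demo || true
```

Build the allowlist from a known-good install of the same distribution rather than from the compromised machine, and review every path the audit prints before restoring it.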