Re: Hacker on my system ?



On 24 Oct 2006 12:44:49 -0500, comphelp@xxxxxxxxx (Todd H.) wrote:

Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:

It is however also crucial that you scan the stuff you reinstall as well.
When I was broken into I found files scattered all over the file system
(/tmp, /dev/, /home, ...)
which were suid shells, i.e. anyone knowing about them, if they had any entry
at all onto the machine, could simply run that program and be root.

I.e., scan all of the files you restore for suid:
    find / -perm /6000 -ls
Check each one to see if it should be suid. su is fine. /tmp/banana
is not.

This is a good anecdote as to why reformatting is a good first step before
the reinstall.

I'd clear OS partition to zero, then reformat prior to install.

Grant.
--
http://bugsplatter.mine.nu/
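
The scan described in the quoted post, extended to compare each hit against a list of expected privileged binaries. This is an added example, not code from any poster in the thread; the function name audit_suid, the allowlist file and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_suid ROOT ALLOWLIST
# Lists every setuid/setgid regular file under ROOT and prints
# "OK <path>" if the path is on the allowlist, "SUSPECT <path>" if not.
# Paths are reported relative to ROOT, so a backup mounted at
# /mnt/restore can be checked against a list written for "/".
# Assumption: the allowlist holds one absolute path per line, built
# from a clean install of the same distribution.
audit_suid() {
    root=${1%/}                 # "/mnt/restore/" -> "/mnt/restore", "/" -> ""
    allow=$2
    # -perm -4000 / -perm -2000 are the POSIX tests for the setuid and
    # setgid bits; GNU find also accepts -perm /6000. The older
    # -perm +6000 spelling is no longer supported by GNU findutils.
    # -xdev keeps the scan on one filesystem; run it once per mount.
    find "${root:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do     # file names containing newlines are not handled
        rel=${path#"$root"}
        if grep -Fxq -- "$rel" "$allow"; then
            echo "OK $rel"
        else
            echo "SUSPECT $rel"
        fi
    done
}

# Constructed sample tree standing in for a restored backup: a
# legitimate setuid su, an ordinary ls, and a setuid file in /tmp.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/tmp"
    : > "$t/bin/su"; : > "$t/bin/ls"; : > "$t/tmp/banana"
    chmod 4755 "$t/bin/su" "$t/tmp/banana"
    chmod 0755 "$t/bin/ls"
    printf '%s\n' /bin/su > "$t/allow.txt"
    audit_suid "$t" "$t/allow.txt" | sort
    rm -rf "$t"
}

demo
```

Anything reported as SUSPECT still needs the manual check the post describes; the allowlist only removes the known-good entries from the pile.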