Re: Hacker on my system ?

On 24 Oct 2006 12:44:49 -0500, comphelp@xxxxxxxxx (Todd H.) wrote:

Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:

It is however also crucial that you scan the stuff you reinstall as well.
When I was broken into I found files scattered all over the file system--
/tmp, /dev/, /home, ....
which were suid shells-- i.e. anyone knowing about them, if they had any entry
at all onto the machine, could simply run that program and be root.

I.e., scan all of the files you restore for suid:
find / -perm /6000 -ls
Check each one to see if it should be suid. su is fine. /tmp/banana
is not.

This is a good anecdote as to why reformatting is a good first step before
the reinstall.

I'd clear the OS partition to zero, then reformat prior to install.
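
The restore check discussed in this thread, as an added example that is not part of any poster's message: it lists every setuid/setgid file under a tree and reports the ones missing from a reviewed allowlist. The function name audit_suid, the allowlist format (one absolute path per line) and the paths in the usage comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report setuid/setgid files under a
# tree that are not on a reviewed allowlist.

# audit_suid ROOT ALLOWLIST
#   ROOT       directory to scan, e.g. the mount point of restored data
#   ALLOWLIST  text file, one expected suid/sgid path per line
# Prints an "ls -ld" line for every unexpected file.
# Returns 0 if none were found, 1 if any were, 2 on setup failure.
audit_suid() {
    root=$1
    allowlist=$2
    found=0
    tmp=$(mktemp) || return 2

    # "-perm -4000 -o -perm -2000" is the portable way to say "setuid or
    # setgid"; it matches the same files as GNU find's "-perm /6000".
    # -xdev stays on one filesystem, so run it once per mounted filesystem.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        > "$tmp" 2>/dev/null

    while IFS= read -r path; do
        # Exact, whole-line match against the allowlist (no regex, no prefix).
        if ! grep -Fxq -- "$path" "$allowlist"; then
            ls -ld -- "$path"
            found=1
        fi
    done < "$tmp"

    rm -f "$tmp"
    return "$found"
}

# Usage (hypothetical paths):
#   audit_suid /mnt/restore /root/suid-allowlist.txt
```

Build the allowlist from a known-clean install of the same distribution, not from the machine that was broken into.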