Les Mikesell wrote:
> Jacques B. wrote:
>> You can't honestly suggest that there should be a tool that can check
>> your entire system for any evidence of intrusion and fix it?
>
> Well yes... Since there isn't a handier one, I usually do it by
> restoring a backup from a time when I trusted the machine into a
> subdirectory of some other machine, then running rsync -avn against the
> live one to see what has changed.

That might not be good enough. 'rsync -a' will skip more thorough
checks if two files' sizes and mod times match. An attacker could fairly
easily produce a binary of the same size, and fix the mod time after
installation.
If you add '-I', then rsync will report comparing all of the files in
your system, so that's no good either. You probably need to use a
backup copy of the rpm database to do an 'rpm -Va' to verify your system
files.
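
The gap discussed in the reply above, as an added example that is not part of the original thread: a comparison keyed on size and mod time reports nothing for a file whose content changed but whose size and mtime were kept, while a content hash against the trusted copy flags it. The directory layout, file names and the `compare_trees` helper are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_trees(trusted, live):
    """Return (flagged_by_size_mtime, flagged_by_hash) as sorted relative paths."""
    quick, content = [], []
    for root, _dirs, files in os.walk(trusted):
        for name in files:
            ref = os.path.join(root, name)
            rel = os.path.relpath(ref, trusted)
            cur = os.path.join(live, rel)
            if not os.path.isfile(cur):  # missing on the live side: flag in both
                quick.append(rel)
                content.append(rel)
                continue
            a, b = os.stat(ref), os.stat(cur)
            if (a.st_size, int(a.st_mtime)) != (b.st_size, int(b.st_mtime)):
                quick.append(rel)  # what a size+mtime comparison would notice
            if sha256(ref) != sha256(cur):
                content.append(rel)  # what a full content comparison notices
    return sorted(quick), sorted(content)

def demo():
    """Constructed sample: bin/ps differs in content only; size and mtime match."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, live = os.path.join(tmp, "trusted"), os.path.join(tmp, "live")
        for tree in (trusted, live):
            os.makedirs(os.path.join(tree, "bin"))
            for name, data in (("bin/ls", b"original-ls"), ("bin/ps", b"original-ps")):
                p = os.path.join(tree, name)
                with open(p, "wb") as f:
                    f.write(data)
                os.utime(p, (1_000_000_000, 1_000_000_000))
        target = os.path.join(live, "bin", "ps")
        with open(target, "wb") as f:
            f.write(b"replaced-ps")  # same length as b"original-ps"
        os.utime(target, (1_000_000_000, 1_000_000_000))
        return compare_trees(trusted, live)

if __name__ == "__main__":
    quick, content = demo()
    print("size+mtime flags:", quick, "| content hash flags:", content)
```

The helper walks only the trusted tree, so files that exist solely on the live side need a separate pass.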