old FC hacked system


 



Hi.

Got an old FC system that was hacked. - I know - my own fault
(perhaps) should have updated, etc...



The system is vital, need to extract all/as much of the files from the
700G drive as possible. I'm going to blow away the corrupt system,
replacing the system with centos 6.5.

On the corrupted machine, when it was set up, the partitions were such
that most of the data was written to the /apps partition - so
hopefully most of what I really need will be there. However, I'm
pretty sure that a chunk of other useful/critical stuff was placed on
other dirs within the drive.

I'd like comments/suggestions on my approach to resolve the issue:

-Setup new machine with a couple of drive bays
-take the corrupted drive, insert it in new machine's drive bay
-insert clean 750G drive in the other drive bay
-from the new machine, do a complete "find" on the corrupted
 drive to get a "complete" list of files/dirs/tree
-go down the list, identifying the initial dirs/files that are
important/data, that aren't part of the OS
   --copy these dirs/files to a tmp area on the clean drive, maintaining
     the dir structure
   -repeat this process until I pretty much get the data files
(txt/py/pl/php/etc..)
--go through a complete process, trying to identify all the apps/functions
  that were added to the corrupt system.
  -identify these apps, as well as the rpms required to generate the functions
 -create a script to auto install these apps/functions from the associated
  centos/associated centos repos
-handle all mysql stuff by doing a mysqldump from the good machine,
 reading the mysql data from the corrupted drive, and then copying/reinserting
 the mysql data into the new mysql on the clean/tmp machine
-identify any dev languages/environments (py/gearman/perl/php/etc..)
 and the required rpms to install or run to recreate the env on the
 clean/tmp machine

-identify all of the "services" running on the corrupt system/drive,
 and clean/install the rpms/services on the clean/tmp machine/drive
-change all ssh keys for the new clean/tmp drive/machine..
-change all passwds on the new machine
-for any web sites, change all passwds


-the goal is to recreate the file system/dirs/files from the corrupt
 machine/drive on the new clean/tmp machine as much as possible


-however, once I've gone through all of the above, I still need to
know how to lock down services, how to harden the overall system..

so, the more comments that are on point the better.

thanks
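
The inventory-and-copy steps of the plan above as shell functions, added here as an example and not part of the original post. It assumes the old drive is already mounted read-only at the path passed as SRC; the function names, the OS directory list and the manifest file name are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example; function names, OS_DIRS and MANIFEST.sha256 are assumptions.
# SRC is the old drive, assumed already mounted so nothing on it can run:
#   mount -o ro,nosuid,nodev,noexec /dev/sdX1 /mnt/old   (sdX1 is a placeholder)
# find uses -xdev, so run once per mounted partition (/apps was its own).
# Paths containing newlines are not handled by the line-based list.

# Top-level directories treated as OS-owned and left out of the data list.
OS_DIRS='bin|boot|dev|lib|lib64|proc|sbin|sys|usr|selinux|lost\+found'

# inventory SRC OUT: sorted relative paths of regular files outside OS_DIRS.
inventory() {
    local src="$1" out="$2"
    ( cd "$src" && find . -xdev -type f -print ) \
        | sed 's|^\./||' | grep -Ev "^($OS_DIRS)/" | sort > "$out"
}

# suspicious SRC: setuid/setgid files anywhere on the drive, for review.
suspicious() {
    ( cd "$1" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) -print ) \
        | sed 's|^\./||' | sort
}

# copy_data SRC DST LIST: copy the listed files, keeping the directory tree
# and timestamps, dropping execute and setuid/setgid bits, then hash the copy.
copy_data() {
    local src="$1" dst="$2" list="$3" f
    mkdir -p "$dst" || return 1
    while IFS= read -r f; do
        mkdir -p "$dst/$(dirname "$f")" || return 1
        cp -p -- "$src/$f" "$dst/$f" || return 1
        chmod a-x,u-s,g-s "$dst/$f" || return 1
    done < "$list"
    ( cd "$dst" && find . -type f ! -name MANIFEST.sha256 -print0 \
        | xargs -0 -r sha256sum ) > "$dst/MANIFEST.sha256"
}
```

Anything listed by `suspicious`, and any copied py/pl/php scripts, come from the compromised system and need review before they are used on the new machine.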