hacked/recovery steps

Reason:
-Discovered Linux/old Fedora system was hacked.
-Quick run of rkhunter/chkrootkit revealed hacks,
  plus the root passwd changed, as well as other issues.

Resolution/Steps to recover:
-remove the machine
-given machine was laptop, with 2.5" drive,
 make a couple of copies of the complete drive on
 separate drives, using "slow" usb connection to
 usb drive bays - Jesus, this is slow!!
 -I copied the complete drive, ~400G worth of files
  I wanted to have a complete copy of the data files,
   as well as all of the OS stuff as well...
 -the backup/copy will never be used to run a box, as it's
  corrupted

The corrupted laptop drive was initially set up to have
 separate partitions
 -root, apps, home, backup
  -apps contains the "majority" of the actual data..

-Analyse the initial/corrupted machine/system to determine
 what apps are required from the desktop/panels
-Determine what additional apps are required based on the
 rpm analysis
-Determine the required files/dirs from the data partition "apps"
-Determine the additional required files for the dev environment
  php/python/javascript

For the OS/system/apps - inspect/analyse CentOS to ensure the
 required yum/rpm/repositories exist
-create script/bash to completely rebuild system (except the data)

Test out all of this

TBD:
-create/test a base rsync/backup strategy
-implement rkhunter/chkrootkit for the new restored/reinstalled
  system
-create a faster approach to doing the complete copy/backup
 --using/copying from usb to usb drive is too slow,
   perhaps an external drive bay that allows the internal
   2.5" drive to be plugged into it, to copy to an attached backup drive
   or to copy via ethernet to an attached drive


Anything else??

thoughts/comments

thanks
-- 
users mailing list
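For the "copy the complete drive" step above, here is an added example (not from the original post or from Fedora) of imaging a suspect drive so the copy can be trusted later: it takes a raw dd image, records a SHA-256 of the image in a sidecar file, compares it against the source, and makes the image read-only so it is only ever analysed, never mounted read-write or booted. The `SRC`/`DEST` paths in the usage comment are hypothetical; it assumes GNU coreutils (`dd`, `sha256sum`) on a live/rescue system.

```shell
#!/bin/sh
# Added example, not the original poster's script. Assumes GNU coreutils.
# Run this from a live/rescue USB, never from the compromised OS itself:
# a rootkit on the running system can lie about what the disk contains.
set -u

image_drive() {
    src=$1; dest=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Plain dd, no conv=sync padding, so the image is byte-for-byte the
    # source and the hashes below are comparable. For a drive with bad
    # sectors use ddrescue instead; it logs unreadable regions.
    dd if="$src" of="$dest" bs=1048576 2>/dev/null || return 1
    sync
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum "$dest" | cut -d' ' -f1)
    # Sidecar in sha256sum -c format, so the image can be re-verified
    # before every analysis session.
    printf '%s  %s\n' "$img_sum" "$dest" > "$dest.sha256"
    chmod 0444 "$dest" "$dest.sha256"
    [ "$src_sum" = "$img_sum" ]
}

verify_image() {
    # Returns 0 only if the image still matches its recorded hash.
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# Usage (hypothetical device and path):
#   image_drive /dev/sdX /mnt/backup/laptop.img \
#     && verify_image /mnt/backup/laptop.img
```

Take two images this way and keep the hashes somewhere off the drive; a mismatch on later verification means the copy, not the original evidence, has been touched.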