Need some help (been hacked)...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sat, April 9, 2005 11:04 pm, Phil Brutsche said:
> Chris Mauritz wrote:
>> That is absolutely the way to handle a hacked machine.  Unless you've
>> got MD5 fingerprints of each file on the system (a la tripwire),
>> there is no way of knowing where the naughty people may have stashed
>> future surpises for the original poster.
>
> And even then you need to have those fingerprints on RO media and verify
> them off-line (relative to the machine's normal state) such as from a
> bootable rescue CD.
>

If you can aford the time, if you have not already, you need to determine
how the hacker gained access, otherwise, when you re-install your OS and
applications again, you may well get hacked all over again.

Having Tripwire, etc., may be useful for determining what  files were
changed, but I'd never rely on a host integrity system to 'recover' a
system.  Always re-install to have a clean system.  You'll be much better
off.

Just my 2cents. :)

~Dan


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux