[CentOS] Need some help (been hacked)...

T'Krin tkrin at tkrin.net
Sun Apr 10 04:49:38 UTC 2005


On Sat, April 9, 2005 11:04 pm, Phil Brutsche said:
> Chris Mauritz wrote:
>> That is absolutely the way to handle a hacked machine.  Unless you've
>> got MD5 fingerprints of each file on the system (a la tripwire),
>> there is no way of knowing where the naughty people may have stashed
> future surprises for the original poster.
>
> And even then you need to have those fingerprints on RO media and verify
> them off-line (relative to the machine's normal state) such as from a
> bootable rescue CD.
>

If you can afford the time, if you have not already, you need to determine
how the hacker gained access; otherwise, when you re-install your OS and
applications again, you may well get hacked all over again.

Having Tripwire, etc., may be useful for determining what files were
changed, but I'd never rely on a host integrity system to 'recover' a
system.  Always re-install to have a clean system.  You'll be much better
off.

Just my 2 cents. :)

~Dan



