[CentOS] How to check for rootkit, troians etc in backed up files?

Thu Sep 4 06:15:41 UTC 2008
Mike McCarty <Mike.McCarty at sbcglobal.net>

M. Fioretti wrote:
> Hi,
> 
> there is a remote (VPS) Centos 4.2 server which *may* have been
> compromised. Reinstalling everything from scratch isn't a problem, it
> may even be an occasion to improve a few things, the question is
> another.

I use rkhunter and chkrootkit. I run them regularly.

If you keep your machine clean, then your backups will be, too.

If you get compromised, then your backups since compromise are
suspect.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!