what to do when you've been rooted

Rick Moen rick at linuxmafia.com
Sat Jan 20 20:32:26 PST 2001


begin Eric Eisenhart quotation:

> Problem with this is, it's possible that somebody might have installed a
> rootkit that also changed the RPM database or the RPM program or the kernel
> to see things as being as they still should be.

<deadpan>
That's why all Red Hat users store safety copies of /var/lib/rpm/*
off-system, right?  
</deadpan> 

> Looks like the problem was with wu-ftpd, nfs or lprng...

I am shocked, shocked, at the notion of a vulnerability with the world's
cruftiest and most overfeatured ftp daemon, with the No Frigging Security 
code, or with one of the leading candidates for heavy access restriction
in /etc/hosts.deny . 

Why, you're injuring my childlike faith most severely, here.

> Really, though; it's easiest to do a fresh install.
                       ^^^^^^^
I believe you misspelled "mandatory".

-- 
Cheers,                   "Besides, Debian runs Web sites, Red Hat runs
Rick Moen                  Quake, and Windows runs Half-Life."
rick at linuxmafia.com                       -- Bryce Kerley (on Slashdot)
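
An added example, not part of the original post: one way to compare a suspect system's /var/lib/rpm against an off-system safety copy of the kind mentioned above. The function names and both directory arguments are assumptions; it is meant to be run from rescue media with the suspect disk mounted, since a compromised kernel or rpm binary cannot be trusted to report file contents.

```shell
#!/bin/sh
# Compare a live RPM database directory with a trusted off-system copy.
# Usage (paths are hypothetical):
#   rpmdb_compare /mnt/suspect/var/lib/rpm /media/trusted/rpm-copy
# The trusted copy must be refreshed after every legitimate package change,
# otherwise ordinary installs will show up as differences.

# manifest DIR: print "sha256  ./relative/path" for each regular file, sorted.
manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done )
}

# rpmdb_compare LIVE TRUSTED
# Prints CHANGED/ADDED/MISSING lines for every difference.
# Returns 0 if identical, 1 if anything differs, 2 on usage error.
rpmdb_compare() {
    if [ ! -d "$1" ] || [ ! -d "$2" ]; then
        echo "usage: rpmdb_compare LIVE_DIR TRUSTED_DIR" >&2
        return 2
    fi
    tmp=$(mktemp -d) || return 2
    manifest "$1" > "$tmp/live"
    manifest "$2" > "$tmp/trusted"

    # FILENAME == ARGV[1] stays correct even when the trusted manifest is empty.
    awk '
        { hash = $1; path = substr($0, length($1) + 5) }   # skip hash, 2 spaces, "./"
        FILENAME == ARGV[1] { trusted[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in trusted))         { print "ADDED " path;   bad = 1 }
            else if (trusted[path] != hash) { print "CHANGED " path; bad = 1 }
        }
        END {
            for (p in trusted)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$tmp/trusted" "$tmp/live"
    status=$?
    rm -rf "$tmp"
    return $status
}
```
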


