Re: Monitoring a file?
From: Lowell Gilbert (freebsd-questions-local_at_be-well.ilk.org)
Date: 11/24/03
- Previous message: RYAN vAN GINNEKEN: "Re: remote mount hangs sysstem"
- In reply to: Cordula's Web: "Re: Monitoring a file?"
- Next in thread: Cordula's Web: "Re: Monitoring a file?"
- Reply: Cordula's Web: "Re: Monitoring a file?"
To: freebsd-questions@freebsd.org
To: "Cordula's Web" <cpghost@cordula.ws>
Date: 23 Nov 2003 18:06:12 -0500
"Cordula's Web" <cpghost@cordula.ws> writes:
> I've finally found the culprit with a traditional method:
> * md5 (binary from an uncompromised machine) on all files
> * reinstalling from scratch (not buildworld, but really
> installing from FTP)
> * md5 again and diff.
[snip]
> Ugh... system clean again at last. :)
You can't be sure. The attacker probably put an suid binary somewhere
besides the normal system binaries, in which case it's still there and
you may still be vulnerable. When you know you've been hacked, you
need to wipe the disk and *really* reinstall from scratch. And be
very careful about what you restore from backups, too.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
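
Added example, not part of the original messages: a sketch of the hash-and-diff comparison from the quoted text, extended to also report files that exist only on the suspect tree and to flag the set-uid/set-gid ones, which is the case the reply warns about. It uses SHA-256 in place of md5, and every path and file content in `demo()` is constructed.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map relative path -> (sha256 hex, has set-id bit) for regular files."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            setid = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
            result[os.path.relpath(full, root)] = (digest.hexdigest(), setid)
    return result


def compare(clean, suspect):
    """Return (changed, extra_setid, extra_other) as sorted path lists."""
    # changed: present in both, but content or set-id bit differs
    changed = sorted(p for p in clean if p in suspect and clean[p] != suspect[p])
    extra = [p for p in suspect if p not in clean]
    extra_setid = sorted(p for p in extra if suspect[p][1])
    extra_other = sorted(p for p in extra if not suspect[p][1])
    return changed, extra_setid, extra_other


def demo():
    """Compare two small constructed trees (all paths and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        for label, body in (("clean", b"ls v1"), ("suspect", b"ls v1 patched")):
            os.makedirs(os.path.join(tmp, label, "bin"))
            with open(os.path.join(tmp, label, "bin", "ls"), "wb") as fh:
                fh.write(body)
        # Constructed stand-in for a set-uid file outside the system binaries.
        os.makedirs(os.path.join(tmp, "suspect", "var", "tmp"))
        extra = os.path.join(tmp, "suspect", "var", "tmp", "helper")
        with open(extra, "wb") as fh:
            fh.write(b"placeholder")
        os.chmod(extra, 0o4755)
        return compare(snapshot(os.path.join(tmp, "clean")),
                       snapshot(os.path.join(tmp, "suspect")))
```

As with the md5 binary in the quoted message, the interpreter running this should come from a machine you trust rather than from the suspect system.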