To mention the obvious: If you reinstall the same software with the same configuration, you are also reinstalling the security flaw that let someone install the rootkit in the first place. You should find how the rootkit was installed (for this, keeping a copy of the compromised system can help).
Christophe

On Fri, Jun 06, 2003 at 02:15:56AM -0700, Paul Johnson wrote:
> On Fri, Jun 06, 2003 at 10:22:03AM +0200, Nicos Gollan wrote:
> > Well, that depends on how much you'd trust the system when you just
> > removed the kit. I _think_ I got rid of it by deleting the files
> > mentioned in the small "analysis", and the machine at least seems to
> > behave normal since then.
>
> Never mind that there could still be backdoors waiting. The only way
> to secure a compromised box is reinstallation from scratch. It's the
> weakest link until then.
>
> --
> .''`. Baloo Ursidae <[EMAIL PROTECTED]>
> : :' : proud Debian admin and user
> `. `'`
> `- Debian - when you have better things to do than fix a system

--
Christophe Barbé <[EMAIL PROTECTED]>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8 F67A 8F45 2F1E D72C B41E
To one who knows how to understand, few words suffice. (Intelligenti pauca.)