Mick wrote:
On Monday 09 August 2010 21:25:37 Dale wrote:
Robert Bridge wrote:
On Mon, Aug 9, 2010 at 8:09 PM, Mick<michaelkintz...@gmail.com>   wrote:
There have been discussions on this list why sudo is a bad idea and sudo
on *any* command is an even worse idea. You might as well be running
everything as root, right?
sudo normally logs the command executed, and the account which
executes it, so while not relevant for single user systems, it STILL
has benefits over running as root.

RobbieAB
I don't use sudo here but I assume an admin would only know that a nasty
command has been run well after it was run?  Basically, after the damage
has been done, you can go look at the logs and see the mess some hacker
left behind.  For me, that isn't a whole lot of help.  You still got
hacked, you still have to reinstall and check to make sure anything you
copy over is not infected.

Assuming that they can erase dmesg, /var/log/messages and other log
files, who's to say the sudo logs aren't deleted too?  Then you still
have no records to look at.

I agree with the other posters tho, re-install from scratch and re-think
your security setup.
That's the problem with any compromise worth its salt, all logs will be
tampered with to clear traces of interfering with your system.  Monitoring network
traffic from a healthy machine is a good way to establish suspicious activity
on the compromised box and it also helps in checking for open ports (nmap, or
netcat) to find out what's happening to the compromised box.


Yep, cause when they are in the system, they can do what they want. Once they get root privileges, nothing else matters after that. It's just a matter of the clean up which from what I have always read is a reinstall. It's not good to hear but it's the best way to know for sure you are safe.

Me tho, I would start from scratch and not even chroot into the old install. I might mount and try to read a log file or copy my world file but that would be about it. I'm not sure I would trust anything else. I just hope this never happens to me. :/

Dale

:-)  :-)
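As an added illustration of the sudo-logging point raised in the thread (this is example code, not from anyone on the list): a small parser for the default sudo syslog line format that picks out the entries an admin would want to look at first. The log lines are constructed samples; the host name "box" and the user names are made up.

```python
import re

# Constructed sample lines in sudo's default syslog format (not taken from the thread).
SAMPLE_LOG = """\
Aug  9 20:15:02 box sudo:     dale : TTY=pts/0 ; PWD=/home/dale ; USER=root ; COMMAND=/usr/bin/emerge --sync
Aug  9 20:17:44 box sudo:     dale : TTY=pts/0 ; PWD=/home/dale ; USER=root ; COMMAND=/bin/bash
Aug  9 20:18:10 box sudo:    guest : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh
Aug  9 20:19:31 box sudo:     dale : TTY=pts/0 ; PWD=/home/dale ; USER=root ; COMMAND=/bin/rm -f /var/log/messages
"""

# timestamp, host, invoking user, an optional failure note, then the fields sudo always writes.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<note>[^;]*?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "/usr/bin/su"}

def parse_sudo_line(line):
    """Return the fields of one sudo syslog line, or None if it is not one."""
    m = SUDO_RE.match(line.strip())
    return m.groupdict() if m else None

def flag_entry(entry):
    """Reasons an admin would want to look at this entry first."""
    reasons = []
    program = (entry["cmd"].split() or [""])[0]
    if entry["note"]:
        reasons.append("failed authentication")  # e.g. "3 incorrect password attempts"
    if entry["target"] == "root" and program in SHELLS:
        reasons.append("interactive root shell")  # sudo cannot log what happens inside it
    if "/var/log" in entry["cmd"]:
        reasons.append("touches /var/log")  # the log tampering the thread worries about
    return reasons

def review(log_text):
    """Parse every sudo line and pair it with its flags; non-sudo lines are skipped."""
    results = []
    for line in log_text.splitlines():
        entry = parse_sudo_line(line)
        if entry:
            results.append((entry["user"], entry["cmd"], flag_entry(entry)))
    return results

if __name__ == "__main__":
    for user, cmd, reasons in review(SAMPLE_LOG):
        mark = "!!" if reasons else "  "
        print(f"{mark} {user:8} {cmd:45} {', '.join(reasons)}")
```

This only helps while the lines still exist, which is the thread's point: once root is lost, the copy worth reading is the one kept on a machine the intruder does not control.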
