On Tue, Aug 08, 2000 at 11:24:09AM -0600, Chuck Mead wrote:
: Reinstall. Sorry but you're in an ugly situation... imagine that
: /bin/login has
: been replaced!
At the very least! Rootkits have become pretty sophisticated. I've
even seen one that was PAMified, so it would work nicely on RedHat
machines.
: Alternatively you could scan the box and look for the hidden port
: because there
: will be one...
That's always a good way to learn how entry was gained, but a re-install
from known-clean media, including scrubbing the disks is definitely in
order. The only data that should be kept is application data, and that
needs to have its integrity verified. It's a wonderful thing to have
backups, but which backup contains your data pre-intrusion? It can
be tough to know..
--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
