On Thu, 9 Nov 2000, Rick Warner wrote:
> 1) Find out what has changed on the machine. Use 'rpm -V' against all
> packages and see what was modified. If they had root access, it is likely
> they changed some system utils to add a backdoor.

Sorry to hear you've been hacked, Fred.

On a related note, has anyone had their RPM database scrambled during an
attack?

Since there is nothing protecting the database once root access is
obtained, rpm -Va shouldn't be trusted. But I've not heard of any
attack yet that bothered to fix up the rpm db; it seems to me that would be
a fairly difficult thing to do.

So, is there a consensus: should rpm -Va be trusted after a successful
attack?

Later,
Bill Carlson
--
Systems Programmer [EMAIL PROTECTED] | Opinions are mine,
Virtual Hospital http://www.vh.org/ | not my employer's.
University of Iowa Hospitals and Clinics |
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
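
An added example, not part of the original message: a filter that reduces 'rpm -V' style output to the findings that matter for the "changed system utils" check quoted above. The function names, the directory list and the sample lines are assumptions made for illustration; the result is only as trustworthy as the rpm binary and the package data that produced the input.

```shell
#!/bin/sh
# Added example: triage `rpm -V` / `rpm -Va` output read on stdin.
# Names, the directory list and the sample lines are assumptions.

# Print only findings that point at replaced system utilities:
# missing files, changed digests (5) or changed mode/owner/group (M/U/G)
# on non-config files under the system binary and library directories.
flag_changed_binaries() {
    awk '
    {
        flags = $1
        path = $0
        sub(/^[^ \t]+[ \t]+/, "", path)          # drop the flags column
        kind = "-"
        if ($2 ~ /^[cdglr]$/) {                   # optional file-type marker
            kind = $2
            sub(/^[cdglr][ \t]+/, "", path)
        }
        if (kind == "c" || kind == "d" || kind == "g") next
        if (path !~ /^\/(bin|sbin|usr\/bin|usr\/sbin|lib|usr\/lib)\//) next
        if (flags == "missing")      print "MISSING " path
        else if (index(flags, "5"))  print "DIGEST " path
        else if (flags ~ /[MUG]/)    print "PERMS " path
    }'
}

# Constructed sample in the `rpm -V` output layout (not from a real host).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/inetd.conf
S.5....T.    /bin/ls
.M.......    /usr/sbin/sshd
missing      /sbin/ifconfig
.......T.    /usr/bin/top
S.5....T.    /usr/share/doc/README
EOF
}

# On a real system, feed it output from a trusted rpm binary. `rpm -Vp`
# checks installed files against package files instead of the database:
#   rpm -Vp /path/to/trusted/media/*.rpm | flag_changed_binaries
sample_verify_output | flag_changed_binaries
```
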