Re: rootkit?

On Sat, 2005-12-10 at 23:37 -0700, Craig White wrote:

> ----
> Backing up data directories and reinstalling from scratch is the only
> known method to ensure the integrity of a system that has been
> compromised.

Sun used to (still does?) allow you to enter an md5sum and it would tell
you exactly what file it matched, along with what patch level.

That kind of thing does allow you to restore a compromised system, by
verifying the binaries on the system. However - you have to have a way
to verify every binary, from a boot CD (since you can't trust
binaries/libraries on the system) - and trash any binary you don't
trust.

It is best to keep a log of installed packages, and backup configuration
files periodically, so that you can restore by clean install if needed -
but it *is* possible to have a system where you can verify that the
software installed has not been compromised.

If you have a backup of your rpm database from before the box was owned,
you can use the rpm binary from the rescue CD (or install CD if not on
rescue CD) to verify your packages against the known good rpm database.
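
Added example, not part of the original message: a small triage script for the output of such a verification run, assuming it was produced by `rpm -Va` from trusted rescue media against the known-good database. The sample lines and paths are constructed, and the suspect/review/config buckets are this example's own convention, not rpm's.

```python
import re

# One line of `rpm -V` output: verify flags (or "missing"), an optional
# file-type marker (c=config, d=doc, g=ghost, l=license, r=readme), the path.
# Flags: S size, M mode, 5 digest, D device, L symlink, U user, G group,
# T mtime, P capabilities; "." means the test passed, "?" it could not run.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
    r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

def triage(verify_output):
    """Sort rpm -V lines into suspect / review / config / unparsed buckets."""
    buckets = {"suspect": [], "review": [], "config": [], "unparsed": []}
    for raw in verify_output.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            buckets["unparsed"].append(line)   # keep it, never drop silently
            continue
        flags, attr, path = m.group("flags", "attr", "path")
        if attr == "c":
            # Config files are expected to differ; compare with backups.
            buckets["config"].append(path)
        elif flags != "missing" and "5" in flags:
            # Content digest differs on a non-config file: do not trust it.
            buckets["suspect"].append(path)
        else:
            # Missing files, mode/owner changes, unreadable digests, mtime.
            buckets["review"].append(path)
    return buckets

# Constructed sample output, for illustration only.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /bin/ls
.M.......    /usr/bin/passwd
missing      /usr/sbin/lsof
..?......    /sbin/ifconfig
Unsatisfied dependencies for examplepkg-1.0-1: libexample.so.1
"""

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(f"{name}: {items}")
```
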

