From: "Peter Gordon" <peter@xxxxxxxxxxxxxxxx>
Chris Mohler wrote:
So - the plan:
1. telinit 1
2. try to reinstall coreutils
3. telinit 3
4. rsync the last week's worth of data to another machine
5. reformat/reinstall
6. create new home dirs
7. rsync the data back - do a recursive chown/chmod
8. run rkhunter
You can skip steps 1 through 3.
Back up all data that you know for certain is still safe, wipe the disk
entirely, and do a clean reinstall. If the box was rooted, there is no way
to determine the extent of the intrusion, and therefore any attempts to
replace solely the compromised aspects of the system would be irrelevant.
One might also consider brand new passwords for all accounts without
exception, too.
{o.o}