On 10/17/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote: > Jacques B. wrote: > > > > You can't honestly suggest that there should be a tool that can check > > your entire system for any evidence of intrusion and fix it? > > Well yes... Since there isn't a handier one, I usually do it by > restoring a backup from a time when I trusted the machine into a > subdirectory of some other machine, then running rsync -avn against the > live one to see what has changed. > > -- > Les Mikesell > lesmikesell@xxxxxxxxx Well if that's the approach you take, I would suggest you use md5deep instead and use hashing as a means of verifying files on your system with those from a trusted backup. Jacques B.
