Re: FC9 Compromised...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 27, 2009 at 12:49 PM, Jack Lauman <[email protected]> wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were
> compromised. All had the latest patches applied.

At this point I would not trust any system binaries such as commands or
executable programs you don't recognize.
You could try booting with a LiveCD and use find to expose files created
recently. Most likely there is a binary somewhere in /usr/bin or /usr/sbin
with the sole task of deleting certain files to cover things up.
<snip>

> Any help on resolving this would be appreciated.  I need to get data off
> these before re-installation.

It would be informative for yourself to find out *how* the break in occurred.
You'll need to know how to prevent it once you reinstall.


~af

-- 
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux