Re: FC9 Compromised...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 27 Feb 2009 13:32:11 -0800, Jack wrote:

> Disagree, if anyone used the root password they had to know what it 
> was... 27 characters
> 
> It's probable that they got in through a pop3 account on one machine.

On "one machine", but what about the other machines?
Did they use the same root pw?
If not, what services did the machines have in common?

> No rootkits found, no trojans or viruses found.

chkrootkit and rkhunter may not be sufficient when analyzing the
systems. Preferably examine the filesystem read-only mounted, and
also do RPM database verification with an external RPM.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux