[oclug] a rooted system

Vic Gedris vic at worldwidepunk.com
Tue Apr 24 00:12:38 EDT 2001


Bill,

I would seriously consider trying to convince your bosses to do a
complete re-install.  You can't possibly know for sure exactly what
other programs were trojaned.  Often basic utilities like 'ls' and 'ps'
(to hide malicious processes) are changed so that things look normal.
So even being "double damn sure" isn't always correct.  ;-)

It doesn't sound like you have too much going on that machine anyway.
I'd be most worried about the CVS repository and the contents of your
database.  Is there anything in there that would be worthwhile for
someone to change?

Otherwise I'd say back up your config files and CVS/database, nuke it
completely, and then build from the ground up again.  Unplugged from the
network of course until you are reasonably confident.

If the system only does the things you said it's been set up to do, I
don't imagine it would be *that* much of a hassle to completely re-do
it.  If they refuse to let you nuke it, you'll just be saying "I told
you so!" very soon anyway.  ;-)  Also....it would REALLY suck to find
out that your machines are used as part of a distributed DoS attack or
spam-a-thon.  Please tell your boss that some extra time now will save
huge headaches later.

Next step...check the other machines, if there are any!

Good luck....sounds like fun, actually.  :-)

-vic

-- 
------------------------------------------------------------------------
    WORLD WIDE PUNK        http://www.worldwidepunk.com
vic-at-worldwidepunk.com   PO Box 52051, Ottawa Ontario, K1N 5S0, CANADA
------------------------------------------------------------------------
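The post above notes that a trojaned 'ps' is typically modified to hide the attacker's processes. One quick cross-check a defender can run before deciding whether to trust a box is to compare what 'ps' reports against the PID directories the kernel itself exposes in /proc: a userland-trojaned 'ps' filters its own output but cannot remove those directories. The following script is an added example, not code from the original post or from the OCLUG list; it assumes a Linux host with procfs and a 'ps' that accepts '-e -o pid=', and the sample input in the comments is constructed for illustration.

```python
"""Cross-check the PIDs reported by ps against the PIDs present in /proc.

A PID that exists in /proc but is missing from ps output is suspicious.
A kernel-level rootkit can hide both, so an empty result is not proof
the system is clean; it only catches the common userland-trojan case.
"""
import os
import subprocess


def parse_ps_pids(ps_output):
    """Extract PIDs from 'ps -e -o pid=' style output (one PID per line)."""
    pids = set()
    for line in ps_output.splitlines():
        token = line.strip()
        if token.isdigit():
            pids.add(int(token))
    return pids


def parse_proc_pids(entries):
    """Keep only the numeric entries of a /proc directory listing.

    Non-numeric entries such as 'self', 'cpuinfo' or 'meminfo' are ignored.
    """
    return {int(name) for name in entries if name.isdigit()}


def hidden_pids(proc_pids, ps_pids):
    """Return PIDs the kernel knows about that ps did not report."""
    return set(proc_pids) - set(ps_pids)


def live_check():
    """Run the comparison on the local host.

    Processes that exit between the two snapshots would show up as
    'hidden', so each candidate is re-checked against /proc before it
    is reported.
    """
    proc_pids = parse_proc_pids(os.listdir("/proc"))
    ps_run = subprocess.run(
        ["ps", "-e", "-o", "pid="],
        capture_output=True, text=True, check=True,
    )
    ps_pids = parse_ps_pids(ps_run.stdout)
    candidates = hidden_pids(proc_pids, ps_pids)
    return {pid for pid in candidates if os.path.isdir("/proc/%d" % pid)}


if __name__ == "__main__":
    # Constructed sample: ps reports 1, 2 and 100, but /proc also shows 4242.
    sample_ps = "    1\n    2\n  100\n"
    sample_proc = ["1", "2", "100", "4242", "self", "cpuinfo"]
    print("sample hidden:", hidden_pids(parse_proc_pids(sample_proc),
                                        parse_ps_pids(sample_ps)))
    print("live hidden:", live_check())
```

Run it as root so that every /proc/<pid> directory is readable; copy the script onto the machine from trusted media rather than relying on tools already on the suspect host, since the 'ps' it calls is exactly the binary under suspicion. Comparing the output with a known-good 'ps' copied in from a clean install is a cheap second opinion.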
