[oclug] Re: Re: Follow-up: ifconfig and netstat exist but don 't?? ( please help... )
Brad Barnett
bbarnett at L8R.net
Thu Mar 7 15:50:12 EST 2002
On Thu, 7 Mar 2002 15:33:50 -0500
"Strosberg, Bill" <bill.strosberg at rcpsc.edu> wrote:
> > From: Ken Dyer [mailto:ken at springtime.dyndns.org]
> > Sent: Thursday, March 07, 2002 2:38 PM
> > To: oclug at lists.oclug.on.ca
> > Subject: Re: [oclug] Re: Re: Follow-up: ifconfig and netstat exist but
> > don't?? ( please help... )
> >
> > I agree with that conclusion as well, also this would be a
> > good time to
> > re consider an IDS like tripwire, this plus a few other security
> > precautions could be more helpful to you in the future if
> > there is a re-
> > occurrence.
>
> All:
>
> Actually, DO NOT just back up and restore your config files. Many
> exploits are being targeted at boxes to become spammer slaves, and
> restoring a a bad sendmail.cf file will just allow the spammers to
> continue to use an open relay. I speak from painful experience here!
> You can only do this if your do a tripwire verify and things pass
> testing ... otherwise the config files are just as suspect as the
> binaries.
>
The difference is that you can easily see if a config file has something
in it that it shouldn't.
More information about the OCLUG
mailing list