what to do when you've been rooted
Rick Moen
rick at linuxmafia.com
Sat Jan 20 20:32:26 PST 2001
begin Eric Eisenhart quotation:
> Problem with this is, it's possible that somebody might have installed a
> rootkit that also changed the RPM database or the RPM program or the kernel
> to see things as being as they still should be.
<deadpan>
That's why all Red Hat users store safety copies of /var/lib/rpm/*
off-system, right?
</deadpan>
> Looks like the problem was with wu-ftpd, nfs or lprng...
I am shocked, shocked, at the notion of a vulnerability with the world's
cruftiest and most overfeatured ftp daemon, with the No Frigging Security
code, or with one of the leading candidates for heavy access restriction
in /etc/hosts.deny .
Why, you're injuring my childlike faith most severely, here.
> Really, though; it's easiest to do a fresh install.
^^^^^^^
I believe you misspelled "mandatory".
--
Cheers, "Besides, Debian runs Web sites, Red Hat runs
Rick Moen Quake, and Windows runs Half-Life."
rick at linuxmafia.com -- Bryce Kerley (on Slashdot)
More information about the talk
mailing list