Re: Is this a compromise and how?

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Thu Dec 14 2000 - 17:40:38 EST


> > I'm guessing that your ls was also hijacked. You're using RedHat, so try
> > the rpm -V command
> Once hacked you can't trust anything. A malicious person might just
> install RPMs for example.

There is a proper way to do this. You boot the rescue CD, then do the rpm
verify of each package with the rpm binary on the CD (static) agains the
package on the CD.

> Re-install is the only option.

I would advise this however it is not 'only' but 'very good idea'

> Restore backups only after verifying that they do not re-install the

(popular one is roots .login)

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Fri Dec 15 2000 - 21:00:30 EST