In linux.debian.security, you wrote:
> On Sat, 15 Sep 2001, Petro wrote:
>
>> If you believe that you've been hacked, fdisk and restore from
>> backup--if you are absolutely positive your backup is clean.
>> Otherwise rebuild from scratch.
>
> I can easily agree with the above, emphasizing the "if" clause on top of
> it. You do not want to wipe away your computer and spend a good amount of
> time rebuilding it unless you _believe_ it has been rooted. That's why you
> unplug it (to begin with) and carefully check the contents of its hard
> disk(s) using a known good system, possibly using another computer
> altogether to do the check.
>
> THEN you wipe the compromised system away and reinstall it...

"I can easily agree with the above, emphasizing the "if" clause". ;)
If you're good at hunting down r00tkits, and the server is not critical,
then yes. Besides, it's a good learning experience. If you want the
server back on-line ASAP, wipe and reinstall is usually faster.

Dima
--
Well, lusers are technically human. -- Red Drag Diva