On Sat, Feb 03, 2001 at 08:47:26PM -0300, [EMAIL PROTECTED] wrote: > > can I complete re-install with apt? or I have to do the boot from cd > again?
boot from the CD, and erase all partitions, backup any data or config files you wnat to keep but manually audit each and every file before restoring, and restore no binaries. if you want to save the package lists run: dpkg --get-selections \* > select then look through that list before restoring it after you install the clean base system. you can restore that package selection list with this command: dpkg --set-selections < select since you have a clean system with clean apt and clean sources.list i don't see much of a way for evil to leak back in through this. unless the attacker removed or installed many packages then you would have to go through and manually put things back anyway. but he can't make you apt-get install trojan this way.. (apt-get install buggy-prog-with-big-root-hol yes though) as it is now you can't trust apt-get, it could be trojaned to download more backdoor packages from who knows where. your kernel could be compromised to always allow remote root access etc etc etc. wipe the entire disk. i would even zero out the partition table and repartition it from scratch too. (i even zero out the entire disk, but this will take a long time) -- Ethan Benson http://www.alaska.net/~erbenson/
pgpGBmJfVizs2.pgp
Description: PGP signature
