2008/8/26 Adam Hardy <[EMAIL PROTECTED]>:
> The more I think about it, the more I believe some sharp hacker out there
> could easily have fooled me for months.
>
> Any suggestions now?
1) Be slightly less paranoid :)

2) Assuming your server is hosted with VPSVille, Slicehost or some other hosting company that doesn't give you physical access but does have a facility for reinstalling your OS on demand, you could, in the following order:

- Back up your data from it locally;
- Prepare a script that will run iptables to disable all connections except SSH access and apt-get connections;
- Reinstall the OS;
- Immediately log in, upload the script and run it;
- apt-get install rkhunter;
- Generate the hashes (if you're on Etch, this won't work, as the rkhunter in Etch doesn't include the --propupd option, but on Lenny it should be possible. For ways to generate rkhunter hashes on Etch, see my recent mailing list thread, "rkhunter on Etch");
- Download copies to your local machine.

Congratulations. Unless someone rooted you in the few minutes it took to do this (this is very unlikely unless your hosting provider installs the OS in some crazy-ass wide-open-to-exploitation fashion - see point 1 above), you now have a set of hashes you can trust, and which you can write to RO media from your local machine.

NB. I haven't tried this myself, but I'm putting together a plan for securing my own VPS, and this is the general principle (I should add, I won't be relying solely on rkhunter!). So, if anyone reads the above and spots that I've missed something crucial, please let me know :)

Sam
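The "script that will run iptables to disable all connections except SSH access and apt-get connections" step in the procedure above, as an added example that is not part of Sam's message or of any project's code. It generates the ruleset as text so it can be reviewed before being piped into sh as root; the SSH port, the optional admin address and the assumption that apt mirrors are reached over HTTP/HTTPS with DNS on port 53 are choices made for this example, not facts from the thread. Rules are added before the default policies are switched to DROP so the session you are logged in from is covered by the ESTABLISHED rule and you do not lock yourself out.

```shell
#!/bin/sh
# Added example (not from the original thread): emit a minimal iptables ruleset
# that allows only inbound SSH plus the outbound traffic apt-get needs.
# Usage (as root, after reviewing the output):  sh firewall.sh | sh
# Assumptions for this example: SSH on port 22 (override with SSH_PORT), apt
# mirrors reached over HTTP/HTTPS, DNS on port 53. ADMIN_IP is optional and,
# when set, restricts inbound SSH to that single source address.

SSH_PORT="${SSH_PORT:-22}"
ADMIN_IP="${ADMIN_IP:-}"

gen_firewall_rules() {
    # Start from a clean slate (policies are still ACCEPT at this point).
    echo "iptables -F"
    echo "iptables -X"
    # Loopback and replies to connections we already have (including the
    # SSH session this script is run from).
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Inbound SSH, optionally limited to one administrative address.
    if [ -n "$ADMIN_IP" ]; then
        echo "iptables -A INPUT -p tcp -s $ADMIN_IP --dport $SSH_PORT -m state --state NEW -j ACCEPT"
    else
        echo "iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT"
    fi
    # Outbound DNS and HTTP/HTTPS so apt-get can resolve and fetch packages.
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT"
    # Only now flip every chain to default-deny.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
}

# Quick self-check: how many ACCEPT rules the generated set contains, so an
# unexpectedly larger number is easy to spot before applying it.
count_accept_rules() {
    gen_firewall_rules | grep -c -- '-j ACCEPT'
}

gen_firewall_rules
```

Anything not matched by one of the ACCEPT rules (inbound web, mail, or anything else a freshly installed service might listen on) is dropped by the final policies, which is the "everything except SSH and apt-get" behaviour the step calls for; to persist it across reboots, save the applied rules with iptables-save and restore them at boot.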