On Wed, 18 Sep 2013 09:47:27 +0200
Paul Wise wrote:
> On Wed, Sep 18, 2013 at 9:36 AM, Török Edwin wrote:
>
> > Why not just reinstall from a trusted source, then
> > restore /etc, /home and /var from backups and audit the changes
> > introduced by that only?
>
> That is a slightly short-sighte
Actually a better option might be to turn the exploited system into a
honeypot to try to gain some information about the attackers, their
methods and so on.
--
bye,
pabs
http://wiki.debian.org/PaulWise
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "uns
On Sun, Sep 22, 2013 at 6:18 PM, Marko Randjelovic wrote:
> And say there are no traces how they did it. Then what are your options?
Audit possible entry points (webapps etc), general hardening, firewall
things off, switch software, switch OS kernel, switch hardware, change
passwords, change keys
Török Edwin:
> On 09/17/2013 09:45 PM, adrelanos wrote:
>> Situation:
>>
>> * You have a Debian machine, which might be compromised by a backdoor
>> due to a targeted attack. You don't know and want to make sure it's not.
>> For example, a server or a client internet machine.
>
> Why not just rein
Paul Wise:
> On Wed, Sep 18, 2013 at 9:36 AM, Török Edwin wrote:
>
>> Why not just reinstall from a trusted source, then restore /etc, /home and
>> /var from backups
>> and audit the changes introduced by that only?
>
> That is a slightly short-sighted way to do it; if you restore from
> scratch
adrelanos writes:
> * No code within the untrusted system must be required to be executed in
> order for the check, since no code inside the vm image is trusted while
> testing.
How about using https://github.com/devstructure/blueprint?
On Wed, Sep 18, 2013 at 9:36 AM, Török Edwin wrote:
> Why not just reinstall from a trusted source, then restore /etc, /home and
> /var from backups
> and audit the changes introduced by that only?
That is a slightly short-sighted way to do it; if you restore from
scratch without doing any foren
On 09/17/2013 09:45 PM, adrelanos wrote:
> Situation:
>
> * You have a Debian machine, which might be compromised by a backdoor
> due to a targeted attack. You don't know and want to make sure it's not.
> For example, a server or a client internet machine.
Why not just reinstall from a trusted so
Situation:
* You have a Debian machine, which might be compromised by a backdoor
due to a targeted attack. You don't know and want to make sure it's not.
For example, a server or a client internet machine.
* You have a Debian Live CD or USB install, which you believe to be clean.
* You want to b