[TriLUG] Server DEAD!
rasch at raschnet.com
rasch at raschnet.com
Thu Aug 28 15:00:40 EDT 2003
On Thu, Aug 28, 2003 at 02:49:42PM -0400, Jeremy Portzer <jeremyp at pobox.com> wrote:
> The only reasons I know of to reinstall a Linux system are:
> * hard disk failure (duh!)
> * root-kit installation
> [If you have a good intrustion detection system, like tripwire, and you
> really know what you're doing, it's POSSIBLE to clean a rootkit without
> reinstalling. But you'll never be sure if you've cleaned it completely
> or not.]
Tripwire can be a very good early-warning sign whether or not you use it
to restore your system to its original configuration. In our small
office here a rootkit might go unnoticed for a week or two before
someone ssh'd in in to our server. You'd probably get messgaes of
cronjob's failing though, assuming you have that set up right.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030828/8b108a9f/attachment.pgp>
More information about the TriLUG
mailing list