Mailing List Archive

Support open source code!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Have I been hacked?

>>>>> "Jim" == Jim Breen <> writes:

    Jim> I am thinking of making a tgz of /home (while off-line),
    Jim> copying it away elsewhere (I think I have enough space in the
    Jim> Windblows partition), then doing a repartition and fresh
    Jim> install. Presumably that would be pretty safe.

Once you get off line scan /home for

1) directory names starting with a .
2) filenames containing control characters and the like
3) executables whose purpose you don't know

Do this with executables from a floppy, preferably by booting from an
external fs like floppy or CD-ROM.  Yes, there are rootkits that
replace ls et al.  (Consider the fakeroot package that is used to
allow you to write a .deb or .rpm as though you were root, ie,
changing groups and stuff like that.)

Institute of Policy and Planning Sciences
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
              Don't ask how you can "do" free software business;
              ask what your business can "do for" free software.

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links