Date: Wed, 23 Apr 2003 15:50:23 -0500
From: "Lewis Watson" <lists@visionsix.com>
To: "Dave [Hawk-Systems]" <dave@hawk-systems.com>, <freebsd-isp@FreeBSD.ORG>
Subject: Re: disaster recovery after rootkit -> MySQL and user accounts
Message-ID: <002701c309d9$f5fe1ad0$a977ca41@vsis169>
References: <DBEIKNMKGOBGNDHAAKGNKELGMNAB.dave@hawk-systems.com>

----- Original Message -----
From: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To: <freebsd-isp@freebsd.org>
Sent: Wednesday, April 23, 2003 3:14 PM
Subject: disaster recovery after rootkit -> MySQL and user accounts

> the new server is FreeBSD and this is an ISP hosting environment... other than
> that it doesn't really fit this group, but figured would have a good chance of
> hitting someone in here with some pearls of wisdom.
>
> Recently inherited a Debian Linux box from a small ISP. While it was scheduled
> to transfer everything over to our chosen platform (FreeBSD) we noticed some
> peculiarities. Evidently one of the previous "sysadmins" had given out his
> login information to allow people to fix their own problems. Sure enough, check
> the server and someone had installed a root kit, done a poor job, and now the
> box was melting down.
> 1) Mysql won't start due to all the corrupted libraries. While I can copy all
> the data files from the data directory, not sure how or if we could import all
> this back into mysql on the new server and still have mysql user/password and
> permissions still in place (there are about 30 databases)
> So far, the entire system is rebuilt with FreeBSD 4.x stable branch, the only
> information we are moving over from the old server is
> - user public_html directories (chowned and chmodded to the users permissions)
> - portions of the httpd.conf (namely virtualhost containers) edited as
> necessary
> - mysql databases
>
> any vulnerabilities that could be transported as a result of moving this
> information over?
>
> thanks for any help or direction with the above issues.
>
> Dave

Hi Dave,

I moved from RH Linux to FreeBSD and it seems that I just shut down MySQL, tar'd the MySQL database directory, and untarred on the new FreeBSD server. Had no problem with the user table or anything of the sort. While this doesn't cover everything it perhaps will help on the MySQL aspect of things.

Another thing I could say is to look at putting the VirtualHost lines in a separate directory when you have time and doing an include statement within the httpd.conf file. It makes things much more portable.

http://httpd.apache.org/docs/mod/core.html#include

HTH,
Lewis
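
The reply above covers how to move the data directory, not what might ride along with it from the rootkitted box. As an added example (not written by either poster), this sh script lists a tarball of the old host's MySQL data directory before it is unpacked and flags anything that is not a plain MyISAM table file. The function names, the allow-list of extensions and the sample tarball are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit a tarball of a MySQL data directory
# taken from a compromised host BEFORE unpacking it on the new server.
# Assumption: MyISAM tables only, so every regular file should end in .frm,
# .MYD or .MYI (the grant tables in mysql/ included); extend for other engines.

audit_mysql_tar() {   # $1 = tarball; returns 0 clean, 1 findings, 2 unreadable
    list=$(tar -tvf "$1" 2>/dev/null) || { echo "ERROR cannot list $1"; return 2; }
    printf '%s\n' "$list" | awk '
        function report(kind, what) { printf "%-12s %s\n", kind, what; bad = 1 }
        NF == 0 { next }
        { mode = $1; name = $NF }      # name = last field (assumes no spaces)
        mode ~ /^d/  { next }          # directories are expected
        mode !~ /^-/ { report("NOT-REGULAR", $0); next }   # symlink, device, fifo
        name ~ /^\// || name ~ /(^|\/)\.\.(\/|$)/ { report("PATH", name); next }
        substr(mode, 2) ~ /[xsStT]/ { report("EXEC-BIT", name); next }
        name !~ /\.(frm|MYD|MYI)$/  { report("UNEXPECTED", name) }
        END { exit (bad ? 1 : 0) }'
}

make_sample_tar() {   # $1 = scratch dir; builds a constructed sample, prints its path
    mkdir -p "$1/data/mysql" "$1/data/shop"
    for f in mysql/user shop/orders; do
        touch "$1/data/$f.frm" "$1/data/$f.MYD" "$1/data/$f.MYI"
    done
    touch "$1/data/shop/notes.txt"                 # stray non-table file
    touch "$1/data/shop/helper"
    chmod 755 "$1/data/shop/helper"                # executable in a data directory
    ln -s /etc/hosts "$1/data/shop/link"           # symlink pointing outside
    tar -cf "$1/sample.tar" -C "$1" data
    echo "$1/sample.tar"
}

# Demo on the constructed sample: three findings are printed.
scratch=$(mktemp -d)
audit_mysql_tar "$(make_sample_tar "$scratch")" || echo "review before unpacking"
rm -rf "$scratch"
```

A clean listing only covers what is in the archive, not what is in the tables: the accounts and privileges in the `mysql` database move with the data directory, so they should be reviewed on the new server as well.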