Delivered-To: freebsd-isp@freebsd.org
From: "Lewis Watson"
To: "Dave [Hawk-Systems]"
Date: Wed, 23 Apr 2003 15:50:23 -0500
Subject: Re: disaster recovery after rootkit -> MySQL and user accounts

----- Original Message -----
From: "Dave [Hawk-Systems]"
To:
Sent: Wednesday, April 23, 2003 3:14 PM
Subject: disaster recovery after rootkit -> MySQL and user accounts

> the new server is FreeBSD and this is an ISP hosting environment... other than
> that it doesn't really fit this group, but figured would have a good chance of
> hitting someone in here with some pearls of wisdom.
>
> Recently inherited a Debian Linux box from a small ISP. While it was scheduled
> to transfer everything over to our chosen platform (FreeBSD) we noticed some
> peculiarities. Evidently one of the previous "sysadmins" had given out his
> login information to allow people to fix their own problems. Sure enough, check
> the server and someone had installed a root kit, done a poor job, and now the
> box was melting down.

> 1) Mysql won't start due to all the corrupted libraries. While I can copy all
> the data files from the data directory, not sure how or if we could import all
> this back into mysql on the new server and still have mysql user/password and
> permissions still in place (there are about 30 databases)

> So far, the entire system is rebuilt with FreeBSD 4.x stable branch, the only
> information we are moving over from the old server is
> - user public_html directories (chowned and chmodded to the users permissions)
> - portions of the httpd.conf (namely virtualhost containers) edited as
> necessary
> - mysql databases
>
> any vulnerabilities that could be transported as a result of moving this
> information over?
>
> thanks for any help or direction with the above issues.
>
> Dave

Hi Dave,

I moved from RH Linux to FreeBSD and it seems that I just shut down MySQL,
tar'd the MySQL database directory and untarred it on the new FreeBSD server.
Had no problem with the user table or anything of the sort. While this doesn't
cover everything, it perhaps will help on the MySQL aspect of things.

Another thing I could say is to look at putting the VirtualHost lines in a
separate directory when you have time and doing an include statement within
the httpd.conf file. It makes things much more portable:
http://httpd.apache.org/docs/mod/core.html#include

HTH,
Lewis
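On the question of what could travel with the copied public_html directories, the following is an added example and not part of either message: a pre-go-live check that flags setuid/setgid files, world-writable paths, and symlinks that resolve outside the migrated tree. The function name `audit_webroot` is hypothetical, and the script assumes a `readlink` that supports `-f`.

```shell
#!/bin/sh
# Audit a web tree copied from a compromised host before it goes live.
# Usage: audit_webroot /path/to/migrated/home
# Prints one "KIND<TAB>path" line per finding.
# Returns 0 if clean, 1 if anything was found, 2 on a bad argument.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Canonical path of the tree, so symlink targets can be compared against it.
    root_real=$(cd "$root" && pwd -P) || return 2
    findings=$(
        # setuid/setgid files have no business under a user's public_html
        find "$root_real" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID\t%s\n' {} \;
        # world-writable files and directories can be rewritten by any local user
        find "$root_real" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD_WRITABLE\t%s\n' {} \;
        # symlinks whose target lies outside the tree (or cannot be resolved)
        find "$root_real" -type l | while IFS= read -r link; do
            target=$(readlink -f "$link" 2>/dev/null) || target=
            case "$target" in
                "$root_real"/*) ;;  # stays inside the migrated tree
                *) printf 'SYMLINK_OUTSIDE\t%s -> %s\n' "$link" "${target:-?}" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it against the copied tree before chowning it to the users and before Apache serves it; every reported line is something to review by hand, not an automatic verdict.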