Date: Mon, 20 Aug 2001 02:14:43 -0400
From: "ShellsAndHosting.com Administration" <admin@shellsandhosting.com>
To: "Chris BeHanna" <behanna@zbzoom.net>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Rooted
Message-ID: <000901c1293f$6af67620$0200000a@critter>
References: <Pine.BSF.4.32.0108192236470.6275-100000@topperwein.dyndns.org>

Hi,

Install /usr/ports/security/chkrootkit, run it and see what you come up with
before anything.

Regards,
Jason
admin@shellsandhosting.com

----- Original Message -----
From: "Chris BeHanna" <behanna@zbzoom.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Sunday, August 19, 2001 10:38 PM
Subject: Re: Rooted

> On Sun, 19 Aug 2001, Rami AlZaid wrote:
>
> > At 12:26 AM 8/19/2001, you wrote:
> > >You may also be backdoored; if you weren't running something like tripwire
> > >to catch changes in your system files, you may want to go ahead and
> > >re-install FreeBSD entirely. May not be necessary, but it shouldn't hurt.
> >
> > Would deleting /usr/src, cvsuping all the source, making world and
> > replacing all the files in /usr/local/etc and /etc remove the
> > backdoors? Or is it necessary to wipe the hard disk and install
> > everything all over again?
>
> Are you certain that gcc wasn't backdoored, or install, or
> what-have-you?
>
> That's one reason among many that you need to wipe the disk and
> start over, then install tripwire and chkrootkit the next time around.
>
> --
> Chris BeHanna
> Software Engineer (Remove "bogus" before responding.)
> behanna@bogus.zbzoom.net
> I was raised by a pack of wild corn dogs.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
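
The thread recommends something like tripwire to catch changes in system files. As an added example (not code from the thread, and not how tripwire itself is implemented), this Python script records a SHA-256 and permission baseline for a directory tree and reports what differs later; the function names and the constructed sample tree are assumptions for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256 hex, permission bits)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[str(path.relative_to(root))] = (digest, stat.S_IMODE(st.st_mode))
    return manifest

def compare(baseline, current):
    """Return (path, finding) pairs, sorted by path, for every difference."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            if old[0] != new[0]:
                findings.append((path, "content changed"))
            if old[1] != new[1]:
                findings.append((path, "mode %04o -> %04o" % (old[1], new[1])))
    return findings

def demo():
    """Constructed sample tree standing in for a directory of system binaries."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("cc", "install", "ls"):
            Path(root, name).write_bytes(b"v1")
            Path(root, name).chmod(0o755)
        baseline = snapshot(root)                # taken while the tree is known-good
        Path(root, "cc").write_bytes(b"v2")      # file replaced
        Path(root, "ls").chmod(0o777)            # permissions loosened
        Path(root, "install").unlink()           # file removed
        Path(root, "newfile").write_bytes(b"x")  # file added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A baseline only helps if it was taken on a known-clean system and is kept where the monitored host cannot rewrite it; one recorded after a compromise simply certifies the altered files.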