Date: Sun, 29 Apr 2012 19:02:41 +0000 (UTC)
From: jb <jb.1234abcd@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: UFS Crash and directories now missing
Message-ID: <loom.20120429T205328-815@post.gmane.org>
References: <201204281731.q3SHVaiM061997@mail.r-bonomi.com> <CAHieY7Tcv%2Bo-KbmLtPVHWXSphJX7b5f0QMO46yM-DOju4S9S7Q@mail.gmail.com> <20120428200116.b2f5820e.freebsd@edvax.de> <CAHieY7TpWsCbm8LZFMboWHgXJ2M79TbcK7Jse3=MoVUR2XB5Ow@mail.gmail.com> <4f9ced3a.f7WBDlsMkhxvy%2BeF%perryh@pluto.rain.com> <20120429103740.aa7df743.freebsd@edvax.de> <CAHieY7QCpV0Tz-mJHyNuObnF%2BN%2BnAXGpnxr4D1f8s_2E_No%2BHw@mail.gmail.com> <loom.20120429T190931-325@post.gmane.org> <CAHieY7TD=M-UR4kv_EJAYiZUQBEEGL2rMUKSnMRw%2B0nBBtQGxA@mail.gmail.com>

Alejandro Imass <ait <at> p2ee.org> writes:

> ...
> > What you should do right now is to get some recent general or security cd/dvd
> > with chkrootkit and rkhunter and run them from that external read-only media.
> > I would also suggest that you look over config files of all packages
> > involved.
> > jb
> >
>
> Thanks! Will do, but I don't know of any FreeBSD and/or derived
> distros for security. Or can I use any Linux security distro? I
> remember reading about some trouble of Linux chkrootkit on FBSD....

It looks like you have only one choice with prebuilt rkhunter package only:

http://www.freebsd.org/releases/9.0R/announce.html
dvd1
This contains everything necessary to install the base FreeBSD operating
system, a collection of pre-built packages aimed at getting a graphical
workstation up and running. It also supports booting into a "livefs" based
rescue mode. This should be all you need if you can burn and use DVD-sized
media.

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/
rkhunter-1.3.8_1.tbz 04/18/12 18:56:00

With regard to verification of config files - you said you got backups (those
pre-incident would be best) and you have the incident-time files, so do a diff
on dirs (in particular /etc and /usr/local/etc)

jb

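
The directory comparison suggested in the message above, as an added example that is not part of the original e-mail: a plain `diff -r` shows content changes only, so this sketch also reports files that were added, removed, or had their mode or ownership changed. The function names, the script name `cfgdiff.sh` and the mount paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a pre-incident backup of a config tree against the
# incident-time copy. Run from trusted read-only media so that find, ls, awk
# and the hash tool are not the possibly tampered binaries on the system disk.
# Limitation: file names containing tabs or newlines are not handled.

# Print the SHA-256 of FILE (FreeBSD `sha256`, else GNU `sha256sum`).
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q <"$1"
    else
        sha256sum <"$1" | cut -d' ' -f1
    fi
}

# One line per file or symlink under DIR: path, mode/uid:gid, content hash.
manifest() {
    ( cd "$1" || exit 1
      find . \( -type f -o -type l \) -print | LC_ALL=C sort |
      while IFS= read -r p; do
          meta=$(ls -ldn "$p" | awk '{ print $1 "/" $3 ":" $4 }')
          if [ -L "$p" ]; then sum="link:$(readlink "$p")"
          else sum=$(hash_file "$p"); fi
          printf '%s\t%s\t%s\n' "$p" "$meta" "$sum"
      done )
}

# compare_trees BACKUP_DIR LIVE_DIR
# Prints ADDED / REMOVED / CONTENT / META lines, tab-separated from the path.
compare_trees() {
    old=$(mktemp) new=$(mktemp) || return 1
    manifest "$1" >"$old"; manifest "$2" >"$new"
    awk -F'\t' '
        FILENAME == ARGV[1] { meta[$1] = $2; sum[$1] = $3; next }
        { seen[$1] = 1
          if (!($1 in sum)) { print "ADDED\t" $1; next }
          if (sum[$1] != $3)  print "CONTENT\t" $1
          if (meta[$1] != $2) print "META\t" $1 }
        END { for (p in sum) if (!(p in seen)) print "REMOVED\t" p }
    ' "$old" "$new" | LC_ALL=C sort
    rm -f "$old" "$new"
}

# Usage: sh cfgdiff.sh /mnt/backup/etc /mnt/disk/etc   (paths are examples)
if [ "$#" -eq 2 ]; then compare_trees "$1" "$2"; fi
```

A META line with no matching CONTENT line means the bytes are identical but the permissions or owner differ, which a content-only diff would not show.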
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?loom.20120429T205328-815>