Ack! I've been rooted...
jdow at earthlink.net
Fri Feb 2 05:18:43 UTC 2007
From: "Peter Gordon" <peter at thecodergeek.com>
> Chris Mohler wrote:
>> So - the plan:
>> 1. telinit 1
>> 2. try to reinstall coreutils
>> 3. telinit 3
>> 4. rsync the last week's worth of data to another machine
>> 5. reformat/reinstall
>> 6. create new home dirs
>> 7. rsync the data back - do a recursive chown/chmod
>> 8. run rkhunter
> You can skip steps 1 through 3.
> Backup all data that you know for certain is still safe, wipe the disk
> and do a clean reinstall. If the box was rooted, there is no way to
> the extent of the intrusion, and therefore any attempts to replace solely
> compromised aspects of the system would be irrelevant.
One might also consider brand new passwords for all accounts without
More information about the users