Ack! I've been rooted...

Tim ignored_mailbox at yahoo.com.au
Fri Feb 2 09:42:54 UTC 2007


On Fri, 2007-02-02 at 09:27 +0000, Alan wrote:
> Also check any scripts before restoring. You may find a user or
> root .login/.profile or similar in the /home area people habitually
> restore without checking contains hooks to reinstall any trojans. If
> you are paranoid remove the execute bits from everything you restore
> too.

It should probably go without saying, that things like /home, /var,
and /tmp are best mounted in a noexec mode, as well.  It makes it harder
for something to get its foot in the door.
 
-- 
(Currently testing FC5, but still running FC4, if that's important.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.




More information about the users mailing list