badouglas at gmail.com
Wed Dec 25 17:51:36 UTC 2013
-Discovered linux/old fedora system was hacked.
-Quick run of rkhunter/chkrootkit revealed hacks,
plus the root passwd changed, as well as other issues.
Resolution/Steps to recover:
-remove the machine
-given the machine was a laptop, with 2.5" drive,
make a couple of copies of the complete drive on
separate drives, using "slow" usb connection to
usb drive bays - jesus, this is slow!!
-I copied the complete drive, ~400G worth of files.
I wanted to have a complete copy of the data files,
as well as all of the OS stuff...
-the backup/copy will never be used to run a box, as it's
The corrupted laptop drive was initially set up to have
-root, apps, home, backup
-apps contains the "majority" of the actual data..
-Analyse the initial/corrupted machine/system to determine
what apps are required from the desktop/panels
-Determine what additional apps are required based on the
-Determine the required files/dirs from the data partition "apps"
-Determine the additional required files for the dev environment
For the OS/system/apps - inspect/analyse CentOS to ensure the
required yum/rpm/repositories exist
-create script/bash to completely rebuild system (except the data)
test out all of this
-create/test a base rsync/backup strategy
-implement rkhunter/chkrootkit for the new restored/reinstalled
-create a faster approach to doing the complete copy/backup
--using/copying from usb to usb drive is too slow,
perhaps an external drive bay that allows the internal
2.5" drive to be plugged into it, to copy to an attached backup drive
or to copy via ethernet to an attached drive
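Added example, not part of the original message: a POSIX shell sketch of the "copy the complete drive" step above, done the way an incident responder would want it, as a raw image plus a recorded hash, so that the copy can be proven identical to the suspect drive before it is used for analysis and the original stays untouched. Function names, the placeholder device name and the constructed "drive" in demo() are assumptions for this example; it relies only on dd, sha256sum and awk from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): image a suspect drive to a
# file and verify the image by SHA-256 before relying on it.
# Assumes GNU coreutils (dd, sha256sum, awk). In real use SRC is a block
# device such as /dev/sdb (placeholder); demo() substitutes a constructed file.

# image_drive SRC DEST: raw copy of SRC into the file DEST. bs=512 matches the
# sector size so conv=noerror,sync only zero-pads genuinely unreadable sectors
# and keeps going instead of aborting on the first bad block.
image_drive() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# record_hash FILE: store FILE's SHA-256 beside it as FILE.sha256 and print
# the digest; keeping this with the image gives a reference for later checks.
record_hash() {
    sha256sum "$1" | awk '{print $1}' > "$1.sha256"
    cat "$1.sha256"
}

# verify_image SRC IMAGE: succeed (exit 0) only when SRC and IMAGE hash
# identically; any difference means the image must not be trusted.
verify_image() {
    src_hash=$(sha256sum "$1" | awk '{print $1}')
    img_hash=$(sha256sum "$2" | awk '{print $1}')
    [ "$src_hash" = "$img_hash" ]
}

# demo: runs the whole flow against a constructed 1 MiB "drive" (2048 sectors
# of pseudo-random bytes), then overwrites one sector of the image and shows
# that verification now fails. Returns 0 when both outcomes are as expected.
demo() {
    work=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$work/suspect.dev" bs=512 count=2048 2>/dev/null || return 1

    image_drive "$work/suspect.dev" "$work/suspect.img" || return 1
    record_hash "$work/suspect.img" >/dev/null || return 1
    verify_image "$work/suspect.dev" "$work/suspect.img" || return 1

    # Tamper with the copy: zero the first sector, leave the size unchanged.
    dd if=/dev/zero of="$work/suspect.img" bs=512 count=1 conv=notrunc 2>/dev/null || return 1
    if verify_image "$work/suspect.dev" "$work/suspect.img"; then
        rm -rf "$work"
        return 1
    fi

    rm -rf "$work"
    return 0
}
```

Two design points: bs=512 is deliberately slow. With a larger block size, conv=sync pads a short final read up to the block size, the image grows past the source and the hash check fails even on a good copy; for a drive with real bad sectors, GNU ddrescue is the better tool since it retries and logs unreadable regions. The .sha256 file written next to the image is what lets a second copy (the one made "on separate drives") be checked later without the original drive present.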