On Fri, 2002-01-11 at 05:02, Alan Aldrich wrote: > > Not sure what all it did, but really played havoc with SSH and some other > networking components and is keeping my aventail authentication server from > honoring socks requests. > Can someone help undo whatever it did or point me to a site that covers it? I > need to get this server back online quick
Just making sure for you: do *not* restore binary files from backup, only data (text?) files and any /etc/-files you can't recreate from your head. We had an incident where we suspected a break-in on one server. Reinstalling all our 7 highly intertwined Debian servers from scratch took less than a week. Just get email up first, then install apache, or what you are providing, restore your htdocs and then fiddle with getting your system right. Try to use as possible of Debian plain installation configurations, they are usually quite well thought through :) Did you use potato or woody? I would be nice for the rest of us to have some clue on what might have happened. It might no be trivial ( ie. a stolen password or an old version of SSH.) -- Lars Bahner, http://lars.bahner.com/ Nihil est sine ratione cur potius sit, quam non sit.
pgpDE7AGMnQA5.pgp
Description: PGP signature