On 9/19/07, Neil Bothwick <[EMAIL PROTECTED]> wrote:
> On Wed, 19 Sep 2007 11:09:30 -0700, Grant wrote:
>
> > Last night my host sent out a message that their database had been
> > compromised.  I contacted them this morning and it turns out that all
> > of their trouble tickets were exposed.  I checked my records and
> > (stupidly) I had included my root password in an email to them about a
> > year ago.  I (stupidly) hadn't changed the password since.  I've
> > changed it now and rebooted the system, but what do you think?  Do I
> > need to start this thing over?
>
> equery check sys-process/procps
> equery check sys-apps/coreutils
>
> Make sure that none of the executable files have changed.
>
> Also, emerge and run app-forensics/rkhunter
>

I'm not a security expert, not even near. But, if I was in a possibly
vulnerable position like a leaked root password, wouldn't an "emerge
-ef world" and a posterior offline "emerge -e world" replace any
possible binary changed by an intruder? That would minimize the risk,
and allied with rkhunter and other forensic tools and password change
could make you pretty sure that your environment is safe again...

Just a thought...
-- 
[EMAIL PROTECTED] mailing list
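
What the `equery check` commands quoted above verify, as an added example that is not part of the original message and not gentoolkit's own code: each `obj` line of a package's Portage `CONTENTS` file (under `/var/db/pkg/<category>/<package>/`) records a path, MD5 and mtime, and the file on disk is compared against them. The sample tree and `CONTENTS` text are constructed; because that database sits on the same disk a root-level intruder could write to, the `root` parameter lets the check run against the disk mounted from trusted boot media.

```python
import hashlib
import os
import tempfile

def parse_contents(text):
    """Yield (path, md5, mtime) for every 'obj' entry of a CONTENTS file."""
    for line in text.splitlines():
        if line.startswith("obj "):
            # Paths may contain spaces; md5 and mtime are the last two fields.
            path, md5, mtime = line[4:].rsplit(" ", 2)
            yield path, md5, int(mtime)

def check(contents_text, root="/"):
    """Return [(path, problem)] for files that differ from the recorded state."""
    problems = []
    for path, md5, mtime in parse_contents(contents_text):
        full = os.path.join(root, path.lstrip("/"))
        try:
            with open(full, "rb") as fh:
                digest = hashlib.md5(fh.read()).hexdigest()
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if digest != md5:
            problems.append((path, "md5 mismatch"))
        elif int(os.stat(full).st_mtime) != mtime:
            problems.append((path, "mtime mismatch"))
    return problems

def demo():
    """Constructed tree: one file altered after install, one file absent."""
    stamp = 1190000000
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        lines = ["dir /bin"]
        for name, data in (("ps", b"ps-v1"), ("ls", b"ls-v1"), ("my tool", b"x")):
            full = os.path.join(root, "bin", name)
            with open(full, "wb") as fh:
                fh.write(data)
            os.utime(full, (stamp, stamp))
            lines.append("obj /bin/%s %s %d" % (name, hashlib.md5(data).hexdigest(), stamp))
        lines.append("obj /bin/top %s %d" % ("0" * 32, stamp))  # never installed
        # Change one file's content but put the recorded mtime back:
        # the mtime alone would not reveal the change, the digest does.
        full = os.path.join(root, "bin", "ls")
        with open(full, "wb") as fh:
            fh.write(b"ls-changed")
        os.utime(full, (stamp, stamp))
        return check("\n".join(lines), root)

if __name__ == "__main__":
    print(demo())
```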
