Ben wisely suggested the following to poor Charlie:

 1. Immediately shut down the system
 2. Remove disks
 3. Install disks as "secondary disks" in another, known-good system
 4. Copy any important data off (or copy everything, if you want to
    do forensic analysis later)
 5. Wipe disks clean
 6. Put disks back in original system
 7. Re-install from scratch
 8. After checking files from step #4 above for evidence of tampering,
    copy them back to the system.

I would submit that when you get to step #7, you seriously consider
doing the reinstallation from scratch of RH 9.0 or whatever other
version you previously had ideations of "upgrading" to. And, as part of
Step #8, I think you will want to review exactly what security enhancements
have been added to the Red Hat products since 7.2, and perhaps use them,
rather than blindly copying back your (possibly tainted) system files.
I'm not picking on Red Hat - I went through a similar exercise with SuSE,
although I was fortunate in that my systems hadn't been compromised. But,
there were still a lot of new, arcane things I had to understand quickly!

Please understand that I'm very empathetic to your situation - not
a pleasant event at all.

Cheers,

Bayard
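
An added example, not part of the original message: one way to do the tampering check in step #8 on the files copied off in step #4, run on the known-good system. It assumes you have a known-good source to build a SHA-256 baseline from (for instance a backup that predates the compromise); the function names and sample files are hypothetical.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # chunked: large files
            h.update(chunk)
    return h.hexdigest()

def triage(recovered_root, baseline):
    """Classify files copied off in step 4. Assumption: baseline maps
    relative path -> SHA-256 taken from a known-good source."""
    report = {"unchanged": [], "modified": [], "unknown": [], "risky_mode": []}
    for dirpath, _dirs, files in os.walk(recovered_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, recovered_root)
            st = os.lstat(full)  # lstat: never follow a planted symlink
            if not stat.S_ISREG(st.st_mode):
                report["risky_mode"].append(rel)  # symlink, device, FIFO
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID | 0o111):
                report["risky_mode"].append(rel)  # setuid/setgid or executable
            expected = baseline.get(rel)
            if expected is None:
                report["unknown"].append(rel)     # no reference: review by hand
            elif sha256_file(full) == expected:
                report["unchanged"].append(rel)   # safe to copy back
            else:
                report["modified"].append(rel)    # differs from known-good copy
    return {key: sorted(paths) for key, paths in report.items()}

def demo():
    # Constructed sample tree standing in for the data saved in step 4.
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.txt": b"meeting notes\n",
                   "index.html": b"<h1>hi</h1>\n", "cleanup.sh": b"#!/bin/sh\n"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        os.chmod(os.path.join(root, "cleanup.sh"), 0o755)
        baseline = {"notes.txt": hashlib.sha256(b"meeting notes\n").hexdigest(),
                    "index.html": hashlib.sha256(b"<h1>original</h1>\n").hexdigest()}
        return triage(root, baseline)
if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

Only the "unchanged" files can go straight back in step #8; anything modified, unknown, or with a risky mode needs a manual look first.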