On Wed, Jul 15, 2009 at 09:20, Andrew McNabb<amcn...@mcnabbs.org> wrote:
> On Wed, Jul 15, 2009 at 12:34:10AM -0600, Gabriel Gunderson wrote:
>> On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris<scottmor...@suseblog.com> wrote:
>> > When you have been hacked:
>>
>> I don't mean to be a downer, but I've got bad news... The only thing
>> to do if you've already *been hacked* is re-install and rebuild from
>> trusted sources. Really, they've outsmarted you once, are you going
>> to give them another chance?
>>
>> Well, I guess if you had md5/sha1 sums (that you can trust) of every
>> file on your system and you're willing to go file-by-file and verify
>> them when mounted on a trusted system (*not* the one that was hacked),
>> then, maybe, you could sleep again at night knowing all is well.
>
> Even then, the kernel could be modified to lie about the contents of the
> files. You really can't trust anything.

Yeah, if you have physical access to the box, there's no better
"un-hack" mechanism than a clean reinstall. It's fairly trivial to
replace common utilities with malicious ones once they've broken in.

>
> I highly recommend having your own kickstart script and/or postinstall
> script. There should be a little script that installs all of the
> packages that you need and checks out config files from a Git
> repository. This makes it really easy to recover from problems, whether
> they come from hacking, hardware failure, or mistakes.

+1 to this. After agonizing for way too long about what packages I've
been using and getting my config files all set up happily after a
reinstall, creating a git repo for my config files and a package list
that can be read by a script is a real life-saver.

--
Alex Esplin

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
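
The file-by-file hash check discussed in the thread, as an added example that is not part of the original messages: it compares a suspect filesystem, mounted read-only on a trusted machine, against a manifest made while the system was known good. It uses sha256sum rather than the md5/sha1 sums mentioned above, and the function names, paths and manifest format are assumptions of this example.

```shell
#!/bin/sh
# Added example: offline integrity check of a suspect disk against a trusted manifest.
# Run it on a trusted machine with the suspect filesystem mounted read-only, so the
# suspect kernel and binaries are never used. Assumes sha256sum (GNU coreutils) and
# file names without backslashes or newlines. Function names are illustrative.

# hash_tree ROOT: print "<sha256>  ./relative/path" for each regular file under ROOT.
hash_tree() {
    ( cd "$1" && find . -xdev -type f -exec sha256sum {} + )
}

# verify_offline ROOT MANIFEST: compare ROOT with a manifest made earlier by hash_tree.
# Prints one MODIFIED / MISSING / EXTRA line per difference; returns 0 only if clean.
verify_offline() {
    current=$(mktemp) || return 2
    hash_tree "$1" > "$current" || { rm -f "$current"; return 2; }
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # 64 hex chars, 2 separators
        FILENAME == ARGV[1] { trusted[path] = hash; next }   # first file: trusted manifest
        { seen[path] = 1 }
        !(path in trusted)    { print "EXTRA    " path; next }
        trusted[path] != hash { print "MODIFIED " path }
        END { for (p in trusted) if (!(p in seen)) print "MISSING  " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage: sh verify.sh /mnt/suspect /media/trusted/manifest.sha256
if [ "$#" -eq 2 ]; then
    verify_offline "$1" "$2"
fi
```

The hashes cover file contents only, not ownership, modes or setuid bits, and the manifest has to be stored off the machine it describes for the comparison to mean anything.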