On Wed, 1 Mar 2000, M. Erickson wrote:
> No need to reformat, toss that windows paradigm aside, learn a new way of
> dealing with things like this! Just update BIND, XFS, and check through
> all your .history/.bash_history files and find out what else has been
> done..
Finding out what else has been done is not exactly a trivial task. If
whoever did this isn't totally braindead, he edited .history and logfiles
to hide traces. (But then it seems to be someone stupid because he didn't
remove the ADMROCKS file).
rpm --verify can help you find modified files, and a find / -perm 4755
will find added setuid bits, but that's still not everything someone could
have done.
Unless you absolutely know how to deal with this, backing up your data and
reinstalling is probably the best thing to do.
LLaP
bero
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
