On Thu, Aug 28, 2003 at 02:49:42PM -0400, Jeremy Portzer <[EMAIL PROTECTED]> wrote:
> The only reasons I know of to reinstall a Linux system are:
> * hard disk failure (duh!)
> * root-kit installation
> [If you have a good intrusion detection system, like tripwire, and you
> really know what you're doing, it's POSSIBLE to clean a rootkit without
> reinstalling. But you'll never be sure if you've cleaned it completely
> or not.]

Tripwire can be a very good early-warning sign whether or not you use it to restore your system to its original configuration. In our small office here a rootkit might go unnoticed for a week or two before someone ssh'd in to our server. You'd probably get messages of cronjobs failing though, assuming you have that set up right.

David
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
