rootkit?
Kam Leo
kam.leo at gmail.com
Sun Dec 11 05:59:31 UTC 2005
On 12/10/05, Scot L. Harris <webid at cfl.rr.com> wrote:
> On Sun, 2005-12-11 at 00:45, Gene Heskett wrote:
> > On Sunday 11 December 2005 00:35, Craig White wrote:
> > >On Sun, 2005-12-11 at 00:31 -0500, Gene Heskett wrote:
>
> > I forgot to mention that all the unpacked files are in his sons name,
> > an unpriviledged user, but with a very weak password. So we think it
> > came in and was running as this user. His son, taking comp sci
> > courses as a junior in college now, simply would never have done this,
> > its just not his style. All he ever uses is email & a web browser.
>
> Sounds like a guessed password then. Regardless, the best thing to do
> is to rebuild from scratch and then set strong passwords on all
> accounts. That is the only way to be sure the system is really back
> under your control.
>
Isn't rebuilding a little extreme? If the cracker got into an
unpriviledged user's account and no further isn't that particular user
account the only thing at risk? Shouldn't changing all passwords to
strong ones and deleting the infected user account and files be
sufficient?
More information about the fedora-list
mailing list