FC9 Compromised...

Aldo Foot lunixer at gmail.com
Fri Feb 27 22:08:11 UTC 2009


On Fri, Feb 27, 2009 at 12:49 PM, Jack Lauman <jlauman at nwcascades.com> wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were
> compromised. All had the latest patches applied.

At this point I would not trust any system binaries such as commands or
executable programs you don't recognize.
You could try booting with a LiveCD and use find to expose files created
recently. Most likely there is a binary somewhere in /usr/bin or /usr/sbin
with the sole task of deleting certain files to cover things up.
<snip>

> Any help on resolving this would be appreciated.  I need to get data off
> these before re-installation.

It would be informative for yourself to find out *how* the break-in occurred.
You'll need to know how to prevent it once you reinstall.


~af
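
The LiveCD `find` check suggested in the reply above could look like the following. This is an added example, not part of the original message; it assumes GNU findutils, a suspect root filesystem already mounted read-only, and a hypothetical function name, mount point and device name.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: booted from a LiveCD, with the suspect root mounted read-only,
# for instance (device name is a placeholder):
#   mount -o ro,noexec,nodev /dev/sdXN /mnt/suspect
# Run the LiveCD's own find, never a binary from the mounted disk.

# files_changed_between ROOT START END
# Print regular files under ROOT whose mtime or ctime is later than START
# and not later than END, oldest first, as "mtime ctime path".
# ctime is checked as well because mtime is easy to set back with touch,
# while ctime changes whenever the inode is modified.
files_changed_between() {
    root=$1 start=$2 end=$3
    find "$root" -xdev -type f \
        \( -newermt "$start" ! -newermt "$end" \
           -o -newerct "$start" ! -newerct "$end" \) \
        -printf '%T+ %C+ %p\n' 2>/dev/null | sort
}

# Stand-alone use, with the window reported in the thread (Feb 25, 1753-2046 PST):
#   sh recent.sh /mnt/suspect '2009-02-25 17:53:00 -0800' '2009-02-25 20:46:00 -0800'
if [ "$#" -eq 3 ]; then
    files_changed_between "$1" "$2" "$3"
fi
```

An empty result does not show the system is clean, since timestamps can be altered; treat the listing as a starting point for working out how the break-in happened.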