FC9 Compromised...
Aldo Foot
lunixer at gmail.com
Fri Feb 27 22:08:11 UTC 2009
On Fri, Feb 27, 2009 at 12:49 PM, Jack Lauman <jlauman at nwcascades.com> wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were
> compromised. All had the latest patches applied.
At this point I would not trust any system binaries such as commands or
executable programs you don't recognize.
You could try booting with a LiveCD and use find to expose files created
recently. Most likely there is a binary somewhere in /usr/bin or /usr/sbin
with the sole task of deleting certain files to cover things up.
<snip>
> Any help on resolving this would be appreciated. I need to get data off
> these before re-installation.
It would be informative for yourself to find out *how* the break-in occurred.
You'll need to know how to prevent it once you reinstall.
~af
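
The LiveCD-and-find check suggested above, as an added example that is not part of the original message: it lists files on the mounted disk whose modification or inode-change time falls inside the reported window (Feb 25, 1753-2046 PST). The function name and the /mnt/sysroot mount point are assumptions, and -cnewer requires GNU or BSD find.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Run from the LiveCD with the suspect disk mounted read-only, e.g.
#   mount -o ro,noexec /dev/sdXN /mnt/sysroot     (device name is a placeholder)
#   find_in_window /mnt/sysroot 200902251753 200902252046

# find_in_window ROOT START END
#   START and END use touch(1) -t format, [[CC]YY]MMDDhhmm, read as PST (UTC-8).
#   Prints regular files under ROOT whose mtime OR ctime lies in (START, END].
find_in_window() {
    root=$1; start=$2; end=$3

    # Reference files whose mtime marks each boundary of the window.
    # They live outside ROOT so the suspect filesystem is never written to.
    ref=$(mktemp -d) || return 1
    TZ=PST8 touch -t "$start" "$ref/start"
    TZ=PST8 touch -t "$end"   "$ref/end"

    # -newer compares mtime, which an intruder can reset with touch.
    # -cnewer compares ctime, which changes on chmod/chown/rename/write and
    # cannot be set directly, so it often survives a timestamp cleanup.
    find "$root" -xdev -type f \( \
            \( -newer  "$ref/start" ! -newer  "$ref/end" \) -o \
            \( -cnewer "$ref/start" ! -cnewer "$ref/end" \) \
        \) -print | sort

    rm -rf "$ref"
}
```

An empty result does not clear the machine: a tool that rewrites timestamps through the raw block device defeats both checks, so compare binaries against package checksums from the LiveCD as well.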