[K12OSN] file attributes
Josh Malone
jmalone at nrao.edu
Tue Mar 20 13:42:05 UTC 2012
On 2012-03-20 06:42, Jim Kinney wrote:
> try a dd if=/dev/zero of=/<file path and name> bs=1024 count=1024
>
> this _should_ overwrite the file(s) for 1M with 0s.
>
> Also check selinux status with ls -laZ and see if selinux got turned
> on or changed 'getenforce' to show, 'setenforce [01]' to temp change.

Or just do what you really should do when a system gets rooted:
re-install it.

Personally, I'd be most concerned with finding the initial attack
vector. Every time we've dealt with a system intrusion before, we always
discovered how they got in in the first place. Usually it's compromised
account credentials (read "passwords") that came from either other
systems or a successful phishing campaign. Turning off SSH should not be
your ultimate solution for network security.

Did the attackers brute-force your root password? Or did they find some
remote vulnerability?

If you don't know, to me that's even more reason to re-install the
system, possibly with a newer release. I've been very happy with my LTSP
install on RHEL6 and that's rather easy to keep up to date.

-Josh
--
---------------------------------------------------------
Joshua Malone Systems Administrator
(jmalone at nrao.edu) NRAO Charlottesville
434-296-0263 www.nrao.edu
434-249-5699 (mobile)
BOFH excuse #266: All of the packets are empty
---------------------------------------------------------