
Re: [K12OSN] file attributes



On 2012-03-20 06:42, Jim Kinney wrote:
try a dd if=/dev/zero of=/<file path and name> bs=1024 count=1024

this _should_ overwrite the file(s) for 1M with 0s.

Also check selinux status with ls -laZ and see if selinux got turned on or
changed. 'getenforce' to show, 'setenforce [01]' to temp change.

Or just do what you really should do when a system gets rooted: re-install it.

Personally, I'd be most concerned with finding the initial attack vector. Every time we've dealt with a system intrusion before, we always discovered how they got in in the first place. Usually it's compromised account credentials (read "passwords") that came from either other systems or a successful phishing campaign. Turning off SSH should not be your ultimate solution for network security.

Did the attackers brute-force your root password? Or did they find some remote vulnerability?

If you don't know, to me that's even more reason to re-install the system, possibly with a newer release. I've been very happy with my LTSP install on RHEL6 and that's rather easy to keep up to date.

-Josh


--
---------------------------------------------------------
       Joshua Malone       Systems Administrator
     (jmalone nrao edu)    NRAO Charlottesville
        434-296-0263           www.nrao.edu
        434-249-5699 (mobile)

BOFH excuse #266: All of the packets are empty
---------------------------------------------------------
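
Added example, not part of the original message: one way to start answering the "brute-forced or valid credentials?" question from sshd logs is to count the failures that preceded each accepted login from the same address. The log lines, host, users and addresses below are constructed in the usual OpenSSH syslog format, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from the original thread).
SAMPLE_LOG = """\
Mar 19 02:11:01 ltsp sshd[4101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 19 02:11:03 ltsp sshd[4103]: Failed password for root from 203.0.113.7 port 40031 ssh2
Mar 19 02:11:05 ltsp sshd[4105]: Failed password for invalid user admin from 203.0.113.7 port 40040 ssh2
Mar 19 02:11:08 ltsp sshd[4107]: Failed password for root from 203.0.113.7 port 40052 ssh2
Mar 19 02:11:12 ltsp sshd[4109]: Accepted password for root from 203.0.113.7 port 40066 ssh2
Mar 19 08:30:44 ltsp sshd[5210]: Failed password for teacher1 from 192.0.2.15 port 51200 ssh2
Mar 19 08:30:59 ltsp sshd[5212]: Accepted password for teacher1 from 192.0.2.15 port 51214 ssh2
Mar 19 09:02:10 ltsp sshd[5300]: Accepted publickey for jsmith from 192.0.2.20 port 51999 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def classify_logins(log_text, threshold=3):
    """Return accepted logins with the failures that preceded them from the same source.

    verdict is 'brute-force suspected' when at least `threshold` (assumed value)
    failures from that address came first, otherwise 'valid credentials used'.
    """
    failures = defaultdict(int)   # source address -> failures seen so far
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, method, user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
            continue
        prior = failures[src]
        verdict = "brute-force suspected" if prior >= threshold else "valid credentials used"
        findings.append({"user": user, "src": src, "method": method,
                         "prior_failures": prior, "verdict": verdict})
        failures[src] = 0   # start a fresh count after a success
    return findings

if __name__ == "__main__":
    for f in classify_logins(SAMPLE_LOG):
        print(f)
```

An accepted login with few or no prior failures from an unfamiliar address points toward credentials obtained elsewhere rather than guessing. Logs on a compromised host may have been altered, so prefer copies from a remote syslog server if one exists.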

