
Re: [K12OSN] file attributes

On 2012-03-20 06:42, Jim Kinney wrote:
try a dd if=/dev/zero of=/<file path and name> bs=1024 count=1024

this _should_ overwrite the file(s) for 1M with 0s.

Also check selinux status with ls -laZ and see if selinux got turned on or
changed 'getenforce' to show, 'setenforce [01]' to temp change.

Or just do what you really should do when a system gets rooted: re-install it.

Personally, I'd be most concerned with finding the initial attack vector. Every time we've dealt with a system intrusion before, we always discovered how they got in in the first place. Usually it's compromised account credentials (read "passwords") that came from either other systems or a successful phishing campaign. Turning off SSH should not be your ultimate solution for network security.

Did the attackers brute-force your root password? Or did they find some remote vulnerability?

If you don't know, to me that's even more reason to re-install the system, possibly with a newer release. I've been very happy with my LTSP install on RHEL6 and that's rather easy to keep up to date.


       Joshua Malone       Systems Administrator
     (jmalone nrao edu)    NRAO Charlottesville
        434-296-0263           www.nrao.edu
        434-249-5699 (mobile)

BOFH excuse #266: All of the packets are empty
