Odp: RE: help i've been hacked. :(
Bartosz Brewinski
BBrewinski at lukas.com.pl
Sun Aug 21 13:54:41 UTC 2005
>>> cparker at swatgear.com 2005-08-21 00:39:48 >>>
> At this point I have not checked for a rootkit, though I plan to do that
> before I wipe the box.
I think you should consider dumping partition data to some image
("dd if=/dev/XYZ of=/abc/XYZ.image").
Benefits:
1) you could reinstall the machine without worrying about loss of
data/evidence/configuration.
2) you could examine disk contents many times later on some other
machine ("mount -t <fs_type> /path/to/XYZ.image /mnt/XYZ").
bartek
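
The image-then-examine workflow from the message above, as an added example that is not part of the original post: it copies the partition, proves the copy matches with a hash, and mounts the copy read-only. The function names, the SHA-256 step and the `ro,loop,noexec,nosuid,nodev` mount options are assumptions added here, and `sha256sum` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sha256sum (coreutils) is assumed.
# Run from rescue media, or with the source unmounted, so it cannot change
# between the copy and the hash.

# image_partition SRC IMG: copy SRC to IMG, confirm both hash the same,
# record the hash in IMG.sha256 and drop write permission on both files.
image_partition() {
    src=$1; img=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -e "$img" ]; then            # never overwrite an earlier image
        echo "$img already exists" >&2; return 3
    fi
    dd if="$src" of="$img" bs=1048576 2>/dev/null || return 4
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum "$img" | cut -d' ' -f1)
    if [ "$src_sum" != "$img_sum" ]; then
        echo "hash mismatch: $src changed or copy is bad" >&2; return 5
    fi
    printf '%s  %s\n' "$img_sum" "$(basename "$img")" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"
}

# verify_image IMG: succeed only if IMG still matches its recorded hash.
verify_image() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# mount_image_ro IMG MNT FSTYPE: needs root. Mounts the copy read-only through
# a loop device and ignores setuid bits, device nodes and executables on it.
mount_image_ro() {
    verify_image "$1" || { echo "$1 fails verification" >&2; return 1; }
    mount -t "$3" -o ro,loop,noexec,nosuid,nodev "$1" "$2"
}
```

For ext3/ext4 images, adding `noload` to the mount options stops the kernel from replaying the journal during the read-only mount.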