[thelist] Stupid linux/router problem

Eduardo Kienetz eduardok at gmail.com
Fri Jul 6 12:30:43 CDT 2007


On 7/6/07, Brent Eades <beades at almonte.com> wrote:
> As for the rootkit: I did run chkrootkit, and it located the very evil
> SHV5 variant. I also did figure out who did it (their IP, at least, in
> Israel) and how they got in, and have forwarded the relevant logs to
> RSA and their ISP.

Way to go.

> (I think it was this quote from Wikipedia that convinced me: "Removing
> rootkits: There is a body of opinion that holds this to be forbiddingly
> impractical. Even if the nature and composition of a rootkit is known,
> the time and effort of a system administrator with the necessary skills
> or experience would be better spent re-installing the operating system
> from scratch...")
>
> All for the best in the end, I suppose. I now have a much more current
> Linux distro (latest PHP, MySQL, SSH, SELinux, etc.), and the assurance
> that I now have a 'clean machine'. I will also be implementing some

Indeed. Now you can be sure everything is alright.

> hardening I should have done ages ago.

It would be interesting to set up a simple firewall script.
I recommend as a start: http://easyfwgen.morizot.net/gen/

-- 
Eduardo Bacchi Kienetz
LPI Certified - Level 2
http://www.noticiaslinux.com.br/eduardo/


