[Gllug] My firewall is rooted

Jim Bailey jim at freesolutions.net
Mon Jul 15 12:44:17 UTC 2002


On Mon, Jul 15, 2002 at 12:35:29PM +0100, Richard Cottrill wrote:
> My 2c.
> 
> Boot from a known-good root/boot disc (floppy I suppose if such a thing
> exists for BSD), copy the essential files (text only) to another disc and
> reinstall from scratch. While waiting for the installation to complete read
> all of the files you pulled off and try to find anything that looks a bit
> suss. Then copy the (possibly edited) configuration files back to the new
> machine.
> 
> If BSD has a really good auditing tool for just such occasions then you
> might be able to use another root/boot disc to audit and clean the machine
> without re-installation. This gives you more opportunity for forensics and
> other high-jinks. Oh, and it could save a lot of pissing about.
>
If you want to try and find out what happened, try the TCT from Wietse
Venema (http://www.porcupine.org/forensics/); it may help.

Peace Jim


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



