System hanging at boot

Bayard Coolidge bayard at tds.net
Fri May 30 19:30:35 EDT 2003


Ben wisely suggested the following to poor Charlie:

  1. Immediately shut down the system
  2. Remove disks
  3. Install disks as "secondary disks" in another, known-good system
  4. Copy any important data off (or copy everything, if you want to
     do forensic analysis later)
  5. Wipe disks clean
  6. Put disks back in original system
  7. Re-install from scratch
  8. After checking files from step #4 above for evidence of tampering,
     copy them back to the system.

I would submit that when you get to step #7, you seriously consider
doing the reinstallation from scratch of a RH 9.0 or whatever other
version you previously had ideations of "upgrading" to. And, as part of
Step #8, I think you will want to review exactly what security enhancements
have been added to the Red Hat products since 7.2, and perhaps use them,
rather than blindly copying back your (possibly tainted) system files.
I'm not picking on Red Hat - I went through a similar exercise with SuSE,
although I was fortunate in that my systems hadn't been compromised. But,
there were still a lot of new, arcane things I had to understand quickly!

Please understand that I'm very empathetic to your situation - not
a pleasant event at all.

Cheers,

Bayard
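
One way to do the tamper check in step #8 before anything is copied back, as an added example that is not part of the original message. It assumes a trusted sha256sum-format manifest exists (for instance, made from a backup that predates the break-in); the function name `triage_recovered` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: triage the copy made in step 4 before restoring in step 8.
# Assumption: MANIFEST holds "<sha256>  <relative path>" lines produced by
# sha256sum from a trusted source; without one, every file shows as UNKNOWN.

# triage_recovered DIR MANIFEST
# Prints one finding per line and returns 1 if anything was flagged:
#   MODIFIED - content differs from the trusted hash
#   MISSING  - listed in the manifest but absent from the copy
#   UNKNOWN  - present in the copy but not in the manifest
#   SETID    - setuid/setgid bit set (never restore these blindly)
triage_recovered() {
    dir=$1
    manifest=$2
    # Relative paths named by the manifest, one per line.
    known=$(sed 's/^[0-9a-fA-F]*[[:space:]][[:space:]*]//' "$manifest")
    findings=$(
        # Pass 1: compare every manifest entry with the copy.
        while read -r want path; do
            [ -n "$path" ] || continue           # skip blank lines
            path=${path#\*}                      # drop binary-mode marker
            if [ ! -f "$dir/$path" ]; then
                echo "MISSING $path"
            else
                have=$(sha256sum < "$dir/$path" | cut -d' ' -f1)
                [ "$have" = "$want" ] || echo "MODIFIED $path"
            fi
        done < "$manifest"
        # Pass 2: files the manifest has never heard of.
        (cd "$dir" && find . -type f) | sed 's|^\./||' | while read -r path; do
            printf '%s\n' "$known" | grep -qxF -- "$path" || echo "UNKNOWN $path"
        done
        # Pass 3: privileged-execution bits anywhere in the copy.
        (cd "$dir" && find . -type f \( -perm -4000 -o -perm -2000 \)) |
            sed 's|^\./|SETID |'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it on the known-good system from step #3, against the copy rather than the original disks, and restore only files that produce no finding.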






