Rookit infections: AARRGH!
puissante
puissante at lrc.puissante.com
Mon May 9 20:01:01 EDT 2005
Steven W. Orr wrote:
> On Monday, May 9th 2005 at 09:38 -0400, quoth Fred:
>
> =>Well, this generated some good ideas, but I could use more. Thanks.
>
> One more for aftermath cleanup if you're running an rpm-based setup:
>
> rpm -Va will check every file in the installation for integrity.
>
> Also, are you running ftp or telnet? Is your apache code the latest? Have
> you shut off all unneeded services? Are you running identd? Do you block
> unused *outgoing* ports?
All excellent suggestions. Dag nabbit -- I'm a software engineer without
the spare time to become a hardened security expert. Alas, it seems I
must take the time, which distracts from productivity, but I no longer
have a choice.
If I ever find whomever is responsible for this -- not bloody likely,
but I can frolic in ideation, can't I? -- I won't be responsible for my
actions. Or actually, I will. The worst of the old medieval torture
practices will pale in comparasion to what I'll do to the cybervermin...
-(he whose's name shall not be mentioned)
More information about the gnhlug-discuss
mailing list