Yes, a can of worms... But general direction would be nice...

Andrew McNabb amcnabb at mcnabbs.org
Wed Jul 15 09:20:41 MDT 2009


On Wed, Jul 15, 2009 at 12:34:10AM -0600, Gabriel Gunderson wrote:
> On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris<scottmorris at suseblog.com> wrote:
> > When you have been hacked:
> 
> I don't mean to be a downer, but I've got bad news... The only thing
> to do if you've already *been hacked* is re-install and rebuild from
> trusted sources.  Really, they've out smarted you once, are you going
> to give them another chance?
> 
> Well, I guess if you had md5/sha1 sums (that you can trust) of every
> file on your system and you're willing to go file-by-file and verify
> them when mounted on a trusted system (*not* the one that was hacked),
> then, maybe, you could sleep again at night knowing all is well.

Even then, the kernel could be modified to lie about the contents of the
files.  You really can't trust anything.


> I've got good news too... Installing Linux has never been easier and
> this will give you a change to test your CAREFULLY written and
> THOROUGHLY tested recovery plan.

I highly recommend having your own kickstart script and/or postinstall
script.  There should be a little script that installs all of the
packages that you need and checks out config files from a Git
repository.  This makes it really easy to recover from problems, whether
they come from hacking, hardware failure, or mistakes.

-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55  8012 AB4D 6098 8826 6868



More information about the PLUG mailing list