Yes, a can of worms... But general direction would be nice...
amcnabb at mcnabbs.org
Wed Jul 15 09:20:41 MDT 2009
On Wed, Jul 15, 2009 at 12:34:10AM -0600, Gabriel Gunderson wrote:
> On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris<scottmorris at suseblog.com> wrote:
> > When you have been hacked:
> I don't mean to be a downer, but I've got bad news... The only thing
> to do if you've already *been hacked* is re-install and rebuild from
> trusted sources. Really, they've out smarted you once, are you going
> to give them another chance?
> Well, I guess if you had md5/sha1 sums (that you can trust) of every
> file on your system and you're willing to go file-by-file and verify
> them when mounted on a trusted system (*not* the one that was hacked),
> then, maybe, you could sleep again at night knowing all is well.
Even then, the kernel could be modified to lie about the contents of the
files. You really can't trust anything.
> I've got good news too... Installing Linux has never been easier and
> this will give you a change to test your CAREFULLY written and
> THOROUGHLY tested recovery plan.
I highly recommend having your own kickstart script and/or postinstall
script. There should be a little script that installs all of the
packages that you need and checks out config files from a Git
repository. This makes it really easy to recover from problems, whether
they come from hacking, hardware failure, or mistakes.
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
More information about the PLUG