[TriLUG] Server DEAD!

rasch at raschnet.com rasch at raschnet.com
Thu Aug 28 15:00:40 EDT 2003


On Thu, Aug 28, 2003 at 02:49:42PM -0400, Jeremy Portzer <jeremyp at pobox.com> wrote:
> The only reasons I know of to reinstall a Linux system are:
> 	* hard disk failure (duh!)
> 	* root-kit installation
> [If you have a good intrusion detection system, like tripwire, and you
> really know what you're doing, it's POSSIBLE to clean a rootkit without
> reinstalling.  But you'll never be sure if you've cleaned it completely
> or not.]

Tripwire can be a very good early-warning sign whether or not you use it
to restore your system to its original configuration.  In our small
office here a rootkit might go unnoticed for a week or two before
someone ssh'd in to our server.  You'd probably get messages of
cronjobs failing though, assuming you have that set up right.

David