Date: Thu, 12 Jul 2001 15:25:46 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "www.slashx.net" <netbios@exodus.slashx.net>
Cc: security@FreeBSD.ORG
Subject: Re: FreeBSD 4.3 local root
Message-ID: <20010712152545.B20322@xor.obsecurity.org>
In-Reply-To: <Pine.BSF.4.31.0107122007500.39309-100000@exodus.slashx.net>; from netbios@exodus.slashx.net on Thu, Jul 12, 2001 at 08:09:00PM +0000
References: <001801c10b0e$1976d370$97625c42@alexus> <Pine.BSF.4.31.0107122007500.39309-100000@exodus.slashx.net>

On Thu, Jul 12, 2001 at 08:09:00PM +0000, www.slashx.net wrote:

> suppose my server was intruded, would it be safe to say that a cvsup of
> the most current tree, would overwrite all bins / in case they were
> backdoored?

No; you need to back up any data files, wipe the system and reinstall from scratch, being careful to restore only data, not binaries. And check the data to make sure it hasn't been maliciously altered. Anything less and you can't be sure you've got every last backdoor left by the intruder.

> also does anyone recommend any sort of IDS?

What kind of IDS? snort is an excellent network IDS, and tripwire is fairly good for host-based IDS. Both are in the ports collection.

Kris
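
The advice above to restore only data, not binaries, can be supported by a pass over the backup tree before anything is copied back. The following is an added example, not part of the original message; the function names (`classify`, `triage`, `demo`) and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

MAGIC = {b"\x7fELF": "ELF binary", b"#!": "script with interpreter line"}

def classify(path):
    """Return the reasons a backed-up file should not be restored unreviewed."""
    st = os.lstat(path)  # lstat: never follow a symlink out of the backup
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink, device, FIFO)"]
    reasons = []
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid bit set")
    if st.st_mode & 0o111:
        reasons.append("executable bit set")
    with open(path, "rb") as fh:
        head = fh.read(4)
    reasons += [label for magic, label in MAGIC.items() if head.startswith(magic)]
    return reasons

def triage(backup_root):
    """Walk a backup tree; map relative path -> reasons, flagged files only."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, backup_root)] = reasons
    return flagged

def demo():
    samples = {  # constructed sample backup, not real data
        "notes.txt": (b"plain data\n", 0o644),
        "photo.jpg": (b"\x7fELF\x02\x01\x01\x00", 0o644),  # ELF header renamed to look like data
        "rc.local": (b"#!/bin/sh\necho hi\n", 0o755),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (body, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return triage(root)

if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(f"{rel}: {', '.join(why)}")
```

A flagged file needs manual review before it goes back onto the reinstalled system. An unflagged file has only passed the "not a binary" check; its contents still have to be checked for malicious alteration.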