Date: 14 Jan 1999 14:58:38 +0100 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Silvio Sosio <silvio.sosio@acme.it> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Help: searching for su 225 Message-ID: <xzp90f6q7ld.fsf@flood.ping.uio.no> In-Reply-To: Silvio Sosio's message of "Thu, 14 Jan 1999 14:02:30 %2B0100" References: <199901141300.OAA28063@blue.planet.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Silvio Sosio <silvio.sosio@acme.it> writes: > An hacker has attacked my server and removed the "su" command. > I need urgently the binary. The FreeBSD versione is 2.2.5; I've tried to > use the version 2.2.6 but it does'nt work. That is a very, very bad idea. You are advertising the fact that your system has poor security, and asking people to send you binaries. The probable outcome is that somebody will send you a trojan. If your system has been cracked, the first rule is always to take it offline. The next step is to secure evidence, either by doing a level 0 dump of all file systems or by leaving the system untouched until you have time to analyze the attack. If you can't get root, press Ctrl-Alt-Del on the console and bring the system up in single-user mode. (OBTW, su must be suid to work so you need to *be* root to install it. Getting a binary won't help you) DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp90f6q7ld.fsf>