[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC9 Compromised...



On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote:
> You could try booting with a LiveCD and use find to expose files
> created recently.

No good. A rootkit could have changed the file creation time. Either run
a hash check on all the binaries ("rpm -V" might be useful here, but of
course the rpm database could also be corrupt), or just reinstall from
safe media.

I know which one I'd do.

poc


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]