[lug] Ancient RH box hacked, which packages must be updated?
Bear Giles
bgiles at coyotesong.com
Thu Mar 25 18:25:07 MST 2004
Jeff Schroeder wrote:
> I think a good general rule is that if you've been hacked, REBUILD.
As I said, our long-term plan was to migrate to new hardware this
year anyway. This is forcing our timing a bit, but we were
planning on changing boxes, ISPs, everything anyway.
The problem is moving some non-packaged services with restrictive
licensing that will complicate testing any redeployment. That's
why we need to be able to keep the old box running for up to a few
weeks even as services are moved to a new box.
> Unless you're running Tripwire or something-- and have recent
> signatures built-- it's going to be extremely difficult to hunt down
> files that have been compromised.
We're running tripwire, which is one reason why I think we got
nailed by a known exploit. Hence the question on which packages
to update.
Bear
More information about the LUG
mailing list