[lug] Ancient RH box hacked, which packages must be updated?

Tkil tkil at scrye.com
Thu Mar 25 18:34:29 MST 2004


>>>>> "Bear" == Bear Giles <bgiles at coyotesong.com> writes:

Bear> The one bright note is that we haven't seen any sign of a
Bear> malicious kernel module - once we were aware of a problem we
Bear> quickly identified the rogue processes with netstat, lsof and
Bear> ps.

You're aware that these modules hide themselves, even from "lsmod"?

Once a system is compromised, you are far better off starting with a
brand new disk (or, if you want to use the same disk, do a full wipe
and repartition / reformat).

But maybe I'm just paranoid.

t.



