David Bolt wrote:
On Mon, 21 Jan 2008, Joe Sloan wrote:-
<snip>
Yes, I remember dealing with some similar worms on Linux servers - the difference being, if a Linux system gets a worm, you install the security upgrade from the vendor, clean up the files left behind by the worm (which will typically be found only in world writable areas), and life goes on, without a reboot, and perhaps a momentary interruption in service while the daemon is reloaded.
You'd trust that method of cleaning a system? If only life were so simple.
If a Windows web server gets a worm, game over. Wipe the box and reinstall. At least that's what my MCSE friends tell me.
I'd apply the same logic to a Linux server as well. The reason being that if a worm is able to install on the server using root privileges, there's no way to know just what else has been installed by it without performing some form of forensic work on the installation, and has to be done using tools from outside the.
Why would a server be running root privileges?