On Tuesday, 2008-11-04 at 08:31 +0100, Joop Beris wrote:
> The only way to be sure that no executables have been altered, would be to verify the checksum of each executable against the checksum of that file at system installation. You'd need a read-only medium with that checksum

Or against another system installed in the same way, with the same updates.

> information on it, like a CD-ROM and an intrusion detection package like AIDE. But if your client is running an unpatched system, I don't think they would have the prudence to have such a CD-ROM.

improbable. :-)

> You might run chkrootkit and/or rkhunter (again, from CD) and see what that yields, but really the only way to be sure is a complete reinstall from guaranteed clean, uncompromised media. After all, if the attacker is good (always assume he/she is) there's no telling in how many ways the system is compromised.
>
> But let's start at the beginning... why do they believe that their system has been compromised?

A 9, unpatched... must have many holes. Could even be a script kiddie. Now they'll learn to update.

-- 
Cheers,
       Carlos E. R.
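
The comparison discussed in this thread (file checksums on the suspect system against a trusted baseline, or against an identically installed and updated machine), as an added example that is not part of the original messages. It goes slightly beyond checksums by also recording permission bits, as AIDE does. The function names and the constructed sample trees are assumptions; on a real case both manifests would be built while booted from clean media, with the suspect disk mounted read-only.

```python
import hashlib, os, stat, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> (sha256, permission bits) for regular files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)              # lstat: never follow symlinks
            if stat.S_ISREG(st.st_mode):
                rel = os.path.relpath(full, root)
                manifest[rel] = (sha256_file(full), stat.S_IMODE(st.st_mode))
    return manifest

def compare(baseline, suspect):
    """Return what differs on the suspect tree relative to the trusted baseline."""
    report = {"modified": [], "mode_changed": [], "missing": [], "added": []}
    for path, (digest, mode) in baseline.items():
        if path not in suspect:
            report["missing"].append(path)
        elif suspect[path][0] != digest:
            report["modified"].append(path)
        elif suspect[path][1] != mode:
            report["mode_changed"].append(path)
    report["added"] = [p for p in suspect if p not in baseline]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: a reference tree and a suspect tree differing in four ways."""
    def make(root, files):
        for rel, (data, mode) in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as sus:
        make(ref, {"bin/ls": (b"ls-v1", 0o755), "bin/ps": (b"ps-v1", 0o755),
                   "bin/login": (b"login-v1", 0o755), "bin/cat": (b"cat-v1", 0o755)})
        make(sus, {"bin/ls": (b"ls-v1", 0o755), "bin/ps": (b"ps-changed", 0o755),
                   "bin/login": (b"login-v1", 0o777), "bin/xyz": (b"new", 0o755)})
        return compare(build_manifest(ref), build_manifest(sus))

if __name__ == "__main__":
    print(demo())
```

A clean report only shows that the hashed files match the baseline; it says nothing about what is running in memory, which is why the thread still recommends a reinstall from clean media.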