Re: Why most run Microsoft, not RedHat




I appreciate that I am responding to two people here so I've tried to
point out which one I am addressing below...

Zoltan Boszormenyi wrote:
### Tomas's Bit:
Tomas Larsson wrote:
Obviously there must be flaws in any OS/SW even Linux, as an
example my FC4-server was rooted, due to a flaw in php/MySQL.
SElinux++
...but I bet you had it turned off, didn't you ;)
windows is no safer against 0-day exploits than anything else.
Arguably less safe (IMO) as it has absolutely no diagnostic output that
is readable by normal people...
I ended up with a complete re-install,
..and did you enable SELinux protection that time?

if it was a windows-system, first of
all, it wouldn't probably happen,
I don't see how you can say that... bad php code on a windows-based
webserver is just as exploitable as it would be on any web-server.
since my AW would have taken care of it,
really? you have a piece of security software that can stop people
exploiting bad php code? We aren't talking viruses here. (nb: I am
Assuming that AW is antivirus.. if it means something else, please
enlighten me)

plus the fact that I would have managed to remove it without
re-installing, So in a sense Linux is far much more complicated to
restore, compared to Windows XP.


## Zoltan's bit...
I cleaned a rootkit once off a RedHat 7.1 system by using "rpm -Va".
It didn't need reinstallation of the whole system.
Which, although you may have been lucky, is not usually the most
sensible approach. (no offence intended)
A few points to consider...
1. what if the rootkit is installed using rpm?
2. rpm is one of the binaries that has been 'trojaned'?
you'll see only what the attacker wants you to see.
rpm -Va is only as secure as /var/lib/rpm...
checking from a rescue environment against a read-only backup of
/var/lib/rpm has some mileage though.

If you have any (non-config) files that differ from what rpm knows,
you can reinstall the package that was modified.
see above.

The only guaranteed safe option is a complete reinstall and restore from
known good backup.

You don't overwrite system-provided binaries yourself, right? Any
compiled-from-source software should go into /usr/local or /opt...
and third-party RPM packages? Do you really not install any of those?
Most now go into /usr

Regards

Stuart

--
Stuart Sears RHCA RHCSS RHCX STFU PDQ RIAA MP3
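
An added example, not part of the original message: a small Python triage of `rpm -Va` output along the lines discussed above, separating config-file changes from changed non-config files and flagging the case where rpm itself fails verification. The sample output and the `VERIFIER` path list are constructed assumptions; a clean report produced on the running system still proves nothing, which is why the message points to a rescue environment and a read-only copy of /var/lib/rpm.

```python
import re

# Constructed sample of `rpm -Va` output (not from the original thread).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
..5....T.    /usr/bin/rpm
.M.......    /usr/sbin/sshd
missing      /usr/bin/top
.......T.  d /usr/share/doc/bash/README
"""

# One result line: 8 or 9 flag characters (or "missing"), an optional
# file-type marker (c=config, d=doc, g=ghost, l=license, r=readme), the path.
LINE = re.compile(
    r"^(?P<flags>missing|[.?SM5DLUGTP]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

# Assumption: path prefixes whose modification makes the verifier itself suspect.
VERIFIER = ("/bin/rpm", "/usr/bin/rpm", "/usr/lib/librpm", "/usr/lib64/librpm")


def triage(output):
    """Sort `rpm -Va` lines into config changes, changed non-config files
    and changes to rpm itself."""
    report = {"config": [], "suspect": [], "verifier": [], "unparsed": []}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            if raw.strip():
                report["unparsed"].append(raw)
            continue
        flags, kind, path = m["flags"], m["kind"], m["path"]
        if path.startswith(VERIFIER):
            report["verifier"].append(path)
        elif kind == "c":
            report["config"].append(path)  # local edits here are often legitimate
        elif kind is None and (flags == "missing" or set("5M") & set(flags)):
            # digest, mode or presence changed on a packaged non-config file
            report["suspect"].append(path)
    return report


def trustworthy(report):
    """False when rpm itself differs from its database: the rest of the
    output then shows only what the attacker wants shown."""
    return not report["verifier"]
```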
