[LUNI] Regenerate all binaries?

Seva Epsteyn seva at sevatech.com
Tue Jun 3 16:09:10 CDT 2003


You may not even need apt.

Get a list of the packages you have installed ("dpkg --list"), download them, 
get the tar out (I think .deb is just an ar(1) archive), and untar the files 
that match, say, /bin/, /lib/, etc.

Be careful not to overwrite the configuration. On the other hand, you really 
want to check all the configuration, because there are likely new extra 
binaries added to the system, not in a standard location, and probably 
started from cron or an init script or somesuch.

/Seva

On Tue, 3 Jun 2003, David Ehle wrote:

> 
> 
> Basically, yes.  I don't have time to rebuild it right now, but I would like
> to clean out the worst of the crud till I can sort through the stuff I
> need to keep and rebuild from scratch.  I've verified some basic tools
> like ps, bash, lsof, found the backdoors and disabled them enough that I
> feel comfortable that it will hold for today, but I would like to
> give it a good scrubbing so I can wait till some other deadline projects
> are done before rebuilding from scratch.
> 
> I also want to have something usable while I try to figure out where the
> issue started (what package or service) so I can warn the author and avoid
> it in the future.
> 
> 
> On Tue, 3 Jun 2003, bliss at attbi.com wrote:
> 
> > Just out of curiosity, what are you trying to do?  Are you trying to retain the
> > existing system without having to rebuild the box?
> >
> > A hacked system is a broken system.  It should be rebuilt from the ground up.
> > You do not know what has been changed, compromised, etc.  You cannot be certain
> > that anything like this would restore this system to a pristine condition
> > without some portion of the hack lingering around.
> >
> > Jim
> > >
> > > This is sort of a follow up from my last post about being hacked.
> > >
> > > I've found various bits and pieces of the rootkit's changes.  Replaced my
> > > passwd, some libraries etc.
> > >
> > > I was wondering if there is a way to use apt under debian to replace just
> > > about everything with known good versions from the debian pool?
> > >
> > > I DON'T think it has the ability to do a fingerprint check on files and
> > > update them selectively, but I would settle for a straight re-installation
> > > of everything I've got on the fly.
> > >
> > > Is there a way to get apt/dselect/dpkg to do this?
> > >
> > > Thanks!
> > > David.
> > >
> > > ______________________________________________________________________
> > > Linux Users Of Northern Illinois - Technical Discussion
> > > luni at luni.org
> > > http://luni.org/mailman/listinfo/luni
> >
> 
> 

-- 
seva at sevatech.com
http://sevatech.com
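
The ar(1)/tar approach from the top of this message, as an added example that is not part of the original e-mail: instead of untarring over the live system it compares, which also gives the fingerprint check asked about in the quoted post. It reads a downloaded .deb as an ar archive, pulls out data.tar.*, and reports which files under /bin, /lib and similar differ from the package's copy. The function names, the `root` parameter and the prefix list are assumptions of this example.

```python
import hashlib, io, os, tarfile

AR_MAGIC = b"!<arch>\n"

def ar_members(blob):
    """Yield (name, data) for each member of an ar(1) archive held in memory."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]           # fixed 60-byte member header
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = header[:16].decode().rstrip(" /")
        size = int(header[48:58].decode())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)         # members are padded to even offsets

def deb_mismatches(deb_blob, root="/", prefixes=("bin/", "sbin/", "lib/", "usr/")):
    """Return package paths whose copy under `root` is missing or differs."""
    data = next((d for n, d in ar_members(deb_blob) if n.startswith("data.tar")), None)
    if data is None:
        raise ValueError("no data.tar.* member in package")
    bad = []
    # tarfile autodetects gz/bz2/xz; data.tar.zst needs a newer Python or unzstd first
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar:
            path = os.path.normpath(member.name).lstrip("/")
            if not member.isfile() or not path.startswith(prefixes):
                continue                      # skips /etc, so configuration is never touched
            want = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            try:
                with open(os.path.join(root, path), "rb") as fh:
                    have = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                have = None                   # missing or unreadable counts as a mismatch
            if have != want:
                bad.append(path)
    return bad

if __name__ == "__main__":  # constructed sample: a one-file .deb checked against an empty root
    import tempfile
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./bin/ps")
        info.size = 4
        tar.addfile(info, io.BytesIO(b"good"))
    hdr = f"{'data.tar.gz':<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(buf.getvalue()):<10}`\n"
    print(deb_mismatches(AR_MAGIC + hdr.encode() + buf.getvalue(), root=tempfile.mkdtemp()))
```

Pointing `root` at the suspect disk mounted under a rescue system keeps the comparison from depending on the compromised host's own libraries.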