M. Fioretti
2008-Sep-01 05:59 UTC
[CentOS] How to check for rootkit, trojans etc in backed up files?
Hi,

there is a remote (VPS) CentOS 4.2 server which *may* have been compromised. Reinstalling everything from scratch isn't a problem, it may even be an occasion to improve a few things, the question is another.

There are backups of necessary shell scripts, ASCII configuration files and more or less important email (maildir format, if it matters) including messages with binary attachments in .doc, .pdf, .jpeg and other formats.

What is, in the context above, the best way to make sure that **those** backed up files (which _must_ be put back on the server after reinstall) do not contain any rootkit, trojan, virus, whatever? Which CentOS / Linux tool would you recommend for this specific case?

TIA,
Marco
--
Your own civil rights and the quality of your life heavily depend on how software is used *around* you: http://digifreedom.net/node/84
Mike McCarty
2008-Sep-04 06:15 UTC
[CentOS] How to check for rootkit, trojans etc in backed up files?
M. Fioretti wrote:
> Hi,
>
> there is a remote (VPS) CentOS 4.2 server which *may* have been
> compromised. Reinstalling everything from scratch isn't a problem, it
> may even be an occasion to improve a few things, the question is
> another.

I use rkhunter and chkrootkit. I run them regularly. If you keep your machine clean, then your backups will be, too. If you get compromised, then your backups since compromise are suspect.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!