[nycbug-talk] Searching for suspect PHP files...

Matt Juszczak matt at atopia.net
Wed Mar 11 19:41:03 EDT 2009


> Well if it really is keeping you up at night you can do the following:
> 1: reinstall the box from cds, feel free to make your own if you want

I'm still a bit confused.  Most rootkits overwrite your system binaries, 
correct?  So what would the negatives be to installing a 6.3-RELEASE 
system somewhere, somehow either checksumming or building an mtree of the 
files in /sbin, /usr/sbin, /bin, /sbin, etc. and comparing to the existing 
system (ignoring modification time of course)?  Shouldn't my FreeBSD 
6.3-RELEASE system be identical in system binaries to any other 
6.3-RELEASE system other than mtime?

-Matt
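
The comparison asked about in the message above, as an added example that is not part of the original post: it records type, permission bits and SHA-256 for every entry under a directory, leaves mtime out, and reports what differs between a reference tree and a suspect tree. The function names and the sample trees are constructed for illustration; it assumes a directory from a clean install of the same release is available to compare against.

```python
import hashlib, os, stat, tempfile

def manifest(root):
    """Map relative path -> (kind, mode bits, sha256 or link target). mtime is not recorded."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
            if stat.S_ISLNK(st.st_mode):
                entry = ("link", 0, os.readlink(full))
            elif stat.S_ISREG(st.st_mode):
                with open(full, "rb") as fh:  # system binaries are small enough to read whole
                    entry = ("file", mode, hashlib.sha256(fh.read()).hexdigest())
            else:
                entry = ("dir" if stat.S_ISDIR(st.st_mode) else "other", mode, "")
            entries[os.path.relpath(full, root)] = entry
    return entries

def compare(reference_root, suspect_root):
    """Return paths missing from, added to, or changed in the suspect tree."""
    ref, sus = manifest(reference_root), manifest(suspect_root)
    return {
        "missing": sorted(ref.keys() - sus.keys()),
        "extra": sorted(sus.keys() - ref.keys()),
        "changed": sorted(p for p in ref.keys() & sus.keys() if ref[p] != sus[p]),
    }

def build_sample_trees():
    """Constructed sample data: two small trees standing in for a clean install and the live box."""
    ref, sus = tempfile.mkdtemp(prefix="ref-"), tempfile.mkdtemp(prefix="sus-")
    layout = {  # path: (reference content, suspect content); None means absent
        "bin/ls": (b"ls-binary", b"ls-binary"),
        "bin/ps": (b"ps-binary", b"ps-binary-patched"),
        "bin/cat": (b"cat-binary", None),
        "bin/helper": (None, b"unknown"),
    }
    for rel, contents in layout.items():
        for root, data in zip((ref, sus), contents):
            if data is not None:
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
    os.utime(os.path.join(sus, "bin/ls"), (0, 0))  # different mtime, identical content
    return ref, sus

if __name__ == "__main__":
    print(compare(*build_sample_trees()))
```

Point `compare` at a directory from the clean install and the matching directory of the suspect disk, ideally with that disk mounted read-only on a trusted machine, since hashes computed by a compromised system's own tools cannot be trusted.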


