[nycbug-talk] Searching for suspect PHP files...
Matt Juszczak
matt at atopia.net
Wed Mar 11 19:41:03 EDT 2009
> Well if it really is keeping you up at night you can do the following:
> 1: reinstall the box from cds, feel free to make your own if you want
I'm still a bit confused. Most rootkits overwrite your system binaries,
correct? So what would the negatives be to installing a 6.3-RELEASE
system somewhere, somehow either checksumming or building an mtree of the
files in /sbin, /usr/sbin, /bin, /sbin, etc. and comparing to the existing
system (ignoring modification time, of course)? Shouldn't my FreeBSD
6.3-RELEASE system be identical in system binaries to any other
6.3-RELEASE system other than mtime?
-Matt
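
The comparison proposed in the message above, as an added Python example that is not part of the original post: it builds an mtree-like manifest (type, mode, owner, group, SHA-256) that leaves out mtime, then diffs a reference tree against a suspect one. The function names are hypothetical, and the files created in `demo()` are constructed sample data standing in for a directory such as /bin.

```python
import hashlib, os, pathlib, stat, tempfile

FIELDS = ("type", "mode", "uid", "gid", "content")

def manifest(root):
    """Map relative path -> FIELDS tuple. mtime is deliberately not recorded."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, not its target
            content = ""
            if stat.S_ISREG(st.st_mode):
                content = hashlib.sha256(pathlib.Path(full).read_bytes()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                content = os.readlink(full)
            out[os.path.relpath(full, root)] = (stat.S_IFMT(st.st_mode),
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, content)
    return out

def compare(reference, suspect):
    """Return sorted (path, finding) pairs for every difference."""
    findings = []
    for path in sorted(set(reference) | set(suspect)):
        ref, sus = reference.get(path), suspect.get(path)
        if ref is None or sus is None:
            findings.append((path, "extra" if ref is None else "missing"))
        elif ref != sus:
            diff = [n for n, a, b in zip(FIELDS, ref, sus) if a != b]
            findings.append((path, "changed:" + ",".join(diff)))
    return findings

def put(root, name, data, mode=0o555):
    path = pathlib.Path(root, name)
    path.write_bytes(data)
    path.chmod(mode)
    return path

def demo():
    """Constructed trees standing in for /bin on a clean and a suspect host."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sus = os.path.join(tmp, "ref"), os.path.join(tmp, "sus")
        os.mkdir(ref); os.mkdir(sus)
        for name in ("ls", "ps", "su"):
            put(ref, name, name.encode() + b" 6.3-RELEASE")
        os.utime(put(sus, "ls", b"ls 6.3-RELEASE"), (0, 0))  # only mtime differs
        put(sus, "ps", b"ps modified")                       # content differs
        put(sus, "su", b"su 6.3-RELEASE", 0o4555)            # setuid bit added
        put(sus, "newfile", b"")                             # not in reference
        return compare(manifest(ref), manifest(sus))
```

A manifest is only as trustworthy as the system that produced it, so build the suspect-side manifest from known-good media with the suspect disk mounted read-only; a kernel-level rootkit can hide changes from tools run on the live host.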