Re: [cobalt-users] Starting from scratch -- Resetting Raq4i to factory settings
- Subject: Re: [cobalt-users] Starting from scratch -- Resetting Raq4i to factory settings
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed Feb 20 04:32:43 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Wednesday 20 February 2002 02:13 am, Karl wrote:
> Hope someone can help me on this... (excuse me in advance, but I'm a Linux
> novice, so I apologize in advance if this sounds stupid)
>
> I had a Raq4i co-located at a remote ISP. Almost immediately after turning
> the server on, it was hacked. Many files were altered to allow the hacker
> to have a 'back door' to the system. He/She used it to tunnel through to
> other systems from my Raq. (sigh)
>
> I've looked everywhere, but I can't find out how to re-set the system back
> to its original factory setting (e.g. re-format the hard drive, re-install
> the OS, etc.) On a PC-based server, I'd boot from a floppy/CD and
> FDISK/FORMAT the drive, but how would I do this on a Raq? I've downloaded
> the OS image, but am at a loss what to do next.
>
> Can anyone advise? Worse comes to worse, I'll pay someone to do this for
> me. I need to get this server back up and running!
>
Make a CD image of the ISO [don't use bootable if done on Windows]
then boot a PC from the CD, you will need a dedicated 100MB ethernet
connection to the RAQ. Use a crossover cable or a 100MB hub with only the PC
and the RAQ connected.
When the PC boots off the CD there will be instructions on the PC display.
> P.S. Any advice on what patches such as OpenSSH, Tripwire, etc I can
> install to prevent another hack, I'd appreciate it.
>
SSH pkg from http://pkg.nl.cobalt.com [turn telnet off]
ipchains, search google
pmfirewall, search google
pmfirewall will set up a basic firewall, then you can massage it as required.
Tripwire is good, it won't prevent you from being hacked, but will show the
hacker's tracks.
--
Gerald Waugh