[cobalt-users] Files to backup in case of hack?



I think I've seen this question previously on this list, but I can't find it
in the archives, so if anyone has a pointer or can give me the info, I'd
appreciate it.

We were recently hacked (I feel so violated <blush>), and had to do a full
OS restore which took us out of business for half a day. I understand
that the Sun suggested procedure after a hack is to wipe the system and do a
clean OS restore with all patches, but because we're using an outside host,
it often takes hours to get them to restore the OS and then we lose all the
sites and have to rebuild.

Instead, I'd like to just restore all system files and then make sure all
patches are applied until we can schedule an OS restore for a later time.
I'm looking to make a backup of important system files that may be replaced
with hacked files. So far I have made backups of /sbin/* /usr/bin/* /bin/*.
Is there anything else (besides my sites) that I should be backing up?
Should I back up /etc/rc.d/init.d/* as well? I also understand that after all
new patches I should again back up these files, but which ones are
vulnerable and should be backed up?

Please advise.

Bill
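
The backup-and-restore procedure asked about above, sketched as an added example that is not part of the original post: it snapshots the directories the post names, lists files that no longer match the snapshot, and restores them. The function names and the ROOT prefix argument (empty for the live system) are assumptions made for illustration.

```shell
# Added example, not from the original post.
# SYSTEM_DIRS lists the directories named in the post; the function names and
# the ROOT prefix argument ("" = the live system) are assumptions.
SYSTEM_DIRS="/sbin /usr/bin /bin /etc/rc.d/init.d"

# snapshot ROOT BACKUP: copy each system directory into BACKUP/files,
# preserving modes, owners and timestamps.
snapshot() {
    root=$1; dest=$2/files
    for d in $SYSTEM_DIRS; do
        if [ -d "$root$d" ]; then
            mkdir -p "$dest$d" && cp -a "$root$d/." "$dest$d/" || return 1
        fi
    done
}

# changed_files ROOT BACKUP: print "CHANGED|MISSING|ADDED <path>" for every
# regular file whose live copy no longer matches the snapshot.
changed_files() {
    root=$1; src=$2/files
    for d in $SYSTEM_DIRS; do
        if [ -d "$src$d" ]; then
            (cd "$src" && find -H ".$d" -type f) | while IFS= read -r rel; do
                p=${rel#.}
                if [ ! -e "$root$p" ]; then echo "MISSING $p"
                elif ! cmp -s "$src$p" "$root$p"; then echo "CHANGED $p"
                fi
            done
        fi
        if [ -d "$root$d" ]; then
            (cd "${root:-/}" && find -H ".$d" -type f) | while IFS= read -r rel; do
                p=${rel#.}
                if [ ! -e "$src$p" ]; then echo "ADDED $p"; fi
            done
        fi
    done
}

# restore_changed ROOT BACKUP: put back every CHANGED or MISSING file from the
# snapshot; ADDED files are only reported, never deleted automatically.
restore_changed() {
    changed_files "$1" "$2" | while read -r state p; do
        case $state in
            CHANGED|MISSING) cp -p "$2/files$p" "$1$p" && echo "restored $p" ;;
            ADDED) echo "review $p" ;;
        esac
    done
}
```

Keep the snapshot somewhere the server cannot write to, since a copy stored on the compromised host can be altered along with the originals.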