[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Post-restore chkrootkit reports
- Subject: Re: [cobalt-security] Post-restore chkrootkit reports
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 31 May 2003 19:05:12 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Lew,
> Also, regarding the restore, IIRC I think for the sake of speed the data
> center may use "pre-restored" hard disks that are swapped in upon an OS
> restore request. Not sure if this was actually the case, or whether the
> restore was from a CD.
Hmm ... I'd guess that they either used a hardisk with the OS already on it,
or they assigned you a RaQ which had been sitting around idly for some time.
Which could be a problem because it might have been missing patches and was
unmanaged and unmonitored. That's always a fishy combination.
It's easy to check the OS restore date, though:
#> ls -la /etc/build
-rw-r--r-- 1 root root 33 May 27 00:18 /etc/build
So the box used in this example was OS restored on May 27th.
--
With best regards,
Michael Stauber