
Re: [cobalt-security] Post-restore chkrootkit reports



Hi Lew,

> Also, regarding the restore, IIRC I think for the sake of speed the data
> center may use "pre-restored" hard disks that are swapped in upon an OS
> restore request. Not sure if this was actually the case, or whether the
> restore was from a CD.

Hmm ... I'd guess that they either used a hard disk with the OS already on it,
or they assigned you a RaQ which had been sitting around idly for some time. 
Which could be a problem because it might have been missing patches and was 
unmanaged and unmonitored. That's always a fishy combination.

It's easy to check the OS restore date, though:

#> ls -la /etc/build
-rw-r--r--    1 root     root           33 May 27 00:18 /etc/build

So the box used in this example was OS restored on May 27th.

-- 

With best regards,

Michael Stauber