5 Oct
2001
5 Oct
'01
5:53 p.m.
On Fri, 2001-10-05 at 13:40, Keller, Tim wrote:
step 1: Change the root password
Done
step 2: Remove all those "holy" services
Done
step 3: Install SSH
Still have to do ... getting weird library conflicts
step 4: Firewall the machine so that it only accepts SMTP traffic from the outside world and SSH traffic from a couple of specific addresses
TODO
step 5: Use a tool like tripwire to make a snapshot, wait a week, rerun it again and see if anything changes.
Good, but still, how do I tell if it's already been rooted by 3l33t h4x0rs? And I guess an even bigger concern is the office politics things. How do I bring this to the big-wigs in a "good" light?