Topic: Compromised system help - Slight emergency!!

[Anonymous]

Hey all-

Been running 5.1.2, and it got compromised. the original installer has left the company, and not many here are familiar with Linux, much less the e-smith.

A message came up from a program called SuckIT, saying that someone installed rootkit, and that there is a program corrupted that both need to survive. It's telling me to boot from a clean floppy, mount fs and restore sbin/init from backup.

1) Is this safe?
2) Is there another way?

We were in the process of moving everything to a new server, but there is vital data still on the drive and I NEED to be able to get this machine back up, compromised as it is.

Any suggestions???

Aodhan
(Who needs to    heavily soon!)

[Anonymous]

And, evidently an emergency recovery disk was not created at installation time, or it has become lost. How do you create one after the fact?

Aodhan

[guest22]

Upgrading to the latest SME Server 6.0.1 is highly recommended. Since 5.1.2 is old, save your data and do a new, clean install of 6.0.1.

RequestedDeletion

[Anonymous]

Upgrading to the latest SME Server 6.0.1 is highly recommended. Since 5.1.2 is old, save your data and do a new, clean install of 6.0.1.

RequestedDeletion

Great, love to. Problem is, I can't get to the partition to save the data, and when I use the 5.6 CD, it says there are repairs that need to be made before it can upgrade. Apparently, the drive is going bad on top of everything else.

We put it in another machine, and we can mount the boot partition, but no others.

Any suggestions?

Aodhan

[Anonymous]

So what happens when you try to mount the root partition?

[MSmith]

http://www.knopper.net/knoppix/index-en.html

It's easy to work with and should be able to mount any partitions that aren't too trashed.  Other recovery distributions are available, some more powerful than Knoppix; but for someone new to Linux, Knoppix is a good first step.

Good luck!