xfs
[Top] [All Lists]

Re: XFS tree for Red Hat should be moved to at least kernel-2.4.20-20

To: "Net Llama!" <netllama@xxxxxxxxxxxxx>, "Simon Matter" <simon.matter@xxxxxxxxxxxxxxxx>
Subject: Re: XFS tree for Red Hat should be moved to at least kernel-2.4.20-20
From: "Michael Sinz" <Linux@xxxxxxxx>
Date: Tue, 16 Sep 2003 13:01:22 -0400
Cc: "Ethan Benson" <erbenson@xxxxxxxxxx>, "linux-xfs@xxxxxxxxxxx" <linux-xfs@xxxxxxxxxxx>
In-reply-to: <46673.213.173.165.140.1063729347.squirrel@xxxxxxxxxxxxxxxxxxxxxxx>
Priority: Normal
Reply-to: "Michael Sinz" <Linux@xxxxxxxx>
Sender: linux-xfs-bounce@xxxxxxxxxxx
On Tue, 16 Sep 2003 18:22:27 +0200 (CEST), Simon Matter wrote:

>
>> On Tue, 16 Sep 2003, Simon Matter wrote:
>>> No please. There are better solutions than mkfs in most situations. Why
>>> being so afraid about kernel modules and rootkit binaries? Boot from a
>>> CD
>>> like knoppix or similar. Then mount all filesystems and examine the
>>> system. First check whether your rpm database has been touched. A recent
>>> backup may help here. Then rpm is your friend by finding out which files
>>
>> How do you know that you can trust your rpm binary?  How do you know that
>> you can trust your rpm database?  How do you know that you can trust
>> *anything* on the system?
>
>You boot from CD. Then you can use rpm2cpio running from the CD and
>extract the rpm package which is installed on the target system. Diff all
>the files and you're sure your rpm binaries are okay.

Actually, if you have a "live" CD (like Knoppix) then you can use the RPM
binary on the Knoppix CD.  RPM has this nice feature where it can go though
all of the files and all of the RPMs (you need to have those from somewhere
safe, like CD or known-good source) and provide a report as to which files
from which RPMs have changed.

I am not sure anymore what the trick is, but you can also have it tell you
if a file came from an RPM or not and get a list of all files that are not
from RPM.  (This could be huge if you server has lots of data or user files)

Anyway, I always keep a trusted CD or two (actually, I am just starting to
move to DVDs now) that are bootable and have all the tools to revalidate
my systems.  (and fix/restore them as needed)

It gets more interesting when you have to do this with remote servers :-)


-- 
Michael Sinz - http://www.sinz.org/Michael.Sinz/Linux - Linux@xxxxxxxx



<Prev in Thread] Current Thread [Next in Thread>