Linux Journal: Thwarting the System Cracker, Part 5 | Linux Today

Written By Marcel Gagné
Oct 23, 1999

After last week’s article, I received a few panicked
e-mails telling me that after using the RPM trick, files like
“netstat” and “ls” had actually been modified. The question that
followed was fairly obvious: “What now?”

“You have a fair number of options. Depending on the importance
of the system, I will usually recommend taking a backup of the user
directories, password and other critical system files, and rebuilding
the system without these files, using the backup as a reference for
the new system. I won’t just copy those files back. Our cracker may
have hidden things in legitimate places and we don’t want to let
him back in quite that easily.”

“You can also leave the system alone, tying down the host access
with TCP wrappers, shutting down non-essential services, and
replacing affected packages. Starting clean is important, but we
don’t always have that luxury — not immediately anyway. If you
discover that your “procps” or “net-tools” package has been
modified by a cracker, the first thing to do is to reinstall the
package. Since that package may have been the hole through which
your cracker entered, it is usually a good idea to get the latest
build from your vendor (RedHat, Caldera, Debian, etc). For the
truly paranoid, the fact is that once a cracker has access to your
system, they can replace anything, including the very files we use
to track down the damage. Like the Shaolin priests in the old TV
series, “Kung-Fu”, the cracker succeeds by being invisible.”
