Section 19.11 Getting Back in Control

   



The best way to get back in control is to remove the system disk from the compromised system and connect it as the second disk to a known secure system. Then boot the secure system (from its disk) and mount the compromised disk somewhere. Usually, I do

 
 mkdir /mnt2;chmod 755 /mnt2 

and then mount on /mnt2 via

 
 mount /dev/hdb1 /mnt2 

or equivalent. The first partition of the second SCSI disk would usually be /dev/sdb1. Your root partition may be a partition other than partition 1, or it may be the floppy of a rescue disk.
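A variant of the steps above that mounts the compromised disk read-only and with nosuid, nodev and noexec, so the trusted system neither alters nor executes anything on it. This is an added example, not from the book; the function names and the DRY_RUN and MOUNTS_TABLE variables are assumptions.

```sh
#!/bin/sh
# Added example: hypothetical helpers for mounting a suspect disk on a trusted host.
# DRY_RUN and MOUNTS_TABLE are assumptions of this sketch, not part of mount(8).

# Options for a filesystem whose contents are not trusted:
#   ro      no writes, so evidence is not altered
#   nosuid  set-uid/set-gid bits on the suspect disk are ignored
#   nodev   device nodes planted on the suspect disk are inert
#   noexec  binaries on the suspect disk cannot be run by accident
# (ext3/ext4 may still replay the journal on a ro mount; add noload to stop that.)
suspect_mount_opts() {
    echo "ro,nosuid,nodev,noexec"
}

# is_mounted DEVICE [TABLE]: succeed if DEVICE is listed in the mount table.
is_mounted() {
    im_dev=$1
    im_table=${2:-/proc/mounts}
    [ -r "$im_table" ] || return 1
    awk -v d="$im_dev" '$1 == d { found = 1 } END { exit !found }' "$im_table"
}

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# mount_suspect DEVICE [MOUNTPOINT]: mount DEVICE (e.g. /dev/hdb1) on /mnt2.
mount_suspect() {
    ms_dev=$1
    ms_mnt=${2:-/mnt2}
    if [ -z "$ms_dev" ]; then
        echo "usage: mount_suspect DEVICE [MOUNTPOINT]" >&2
        return 2
    fi
    if is_mounted "$ms_dev" "${MOUNTS_TABLE:-/proc/mounts}"; then
        echo "refusing: $ms_dev is already mounted" >&2
        return 1
    fi
    run mkdir -p "$ms_mnt" || return 1
    run chmod 755 "$ms_mnt" || return 1
    run mount -o "$(suspect_mount_opts)" "$ms_dev" "$ms_mnt"
}
```

Run `DRY_RUN=1 mount_suspect /dev/hdb1` first to see the commands, then run it as root without DRY_RUN on the trusted system.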

Alternatively, if your compromised system is programmed in CMOS to first try to boot from the floppy or CD-ROM, insert your secure boot floppies or CD-ROM (technically, the boot floppy, followed by the root floppy) and power up the system. If it is programmed to boot from the hard disk, alter the CMOS settings and reboot.

Some computers' CMOS (boot-up PROM) can be reprogrammed (reflashed) while the system is running. This possibility is very hard to detect and recover from, but it is unlikely to have occurred. If you suspect this, reflash the CMOS and reboot. At this point you have a very sparse (floppy-based) but trusted system running.


   


Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260
