by LeviticusMB 4764 days ago
Unfortunately, unless you have a very deep understanding of your operating system AND you're logging audit events to a REMOTE system, you should assume the worst and reinstall all reachable systems from scratch. Invalidate all ssh keys. Then check your databases for suspicious admin accounts before going live.

If not, how do you know if backdoors were installed, if the databases were modified, if local (known or unknown) exploits were used to gain root or if private ssh keys were stolen or used to gain access to other servers?
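Two of the checks the comment recommends, as an added example that is not part of the original post: comparing the entries in an authorized_keys file against a baseline of fingerprints for keys you actually issued, and flagging admin accounts in an application's user table that are absent from the pre-incident list or were (re)created once the incident window opened. The key blobs, fingerprints baseline, user rows and dates are all constructed for the example.

```python
import base64
import hashlib
from datetime import datetime

def _fake_blob(label):
    # Constructed stand-in for a key blob: base64 of arbitrary bytes, not a real key.
    return base64.b64encode(b"constructed-key-" + label.encode()).decode()

# Constructed authorized_keys content, including an options field and a comment line.
AUTHORIZED_KEYS = "\n".join([
    f"ssh-ed25519 {_fake_blob('deploy')} deploy@build-host",
    f"ssh-ed25519 {_fake_blob('unknown')} root@unknown",
    "# comment lines are ignored",
    f'command="/bin/true" ssh-rsa {_fake_blob("backup")} backup@nas',
])

def fingerprint(blob_b64):
    # Same SHA256 form that `ssh-keygen -lf` prints (base64 digest, padding stripped).
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Baseline of fingerprints you issued, recorded before the incident (constructed here).
KNOWN_FINGERPRINTS = {fingerprint(_fake_blob("deploy")), fingerprint(_fake_blob("backup"))}

def find_unexpected_keys(text, known):
    """Return the comment field of every key whose fingerprint is not in the baseline."""
    unexpected = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Skip an optional leading options field (assumes it contains no spaces).
        idx = next(i for i, p in enumerate(parts) if p.startswith(("ssh-", "ecdsa-")))
        if fingerprint(parts[idx + 1]) not in known:
            unexpected.append(" ".join(parts[idx + 2:]) or "<no comment>")
    return unexpected

# Constructed rows from an application's user table, plus the pre-incident admin list.
INCIDENT_START = datetime(2012, 3, 1)
BASELINE_ADMINS = {"dba", "support"}
USER_ROWS = [
    {"username": "dba", "is_admin": True, "created_at": datetime(2010, 5, 2)},
    {"username": "support", "is_admin": True, "created_at": datetime(2012, 3, 4)},
    {"username": "dbadmin2", "is_admin": True, "created_at": datetime(2012, 3, 3)},
    {"username": "alice", "is_admin": False, "created_at": datetime(2012, 3, 5)},
]

def find_suspicious_admins(rows, baseline, incident_start):
    """Flag admins absent from the baseline or (re)created once the incident window opened."""
    return sorted(r["username"] for r in rows if r["is_admin"]
                  and (r["username"] not in baseline or r["created_at"] >= incident_start))
```

Run the key check against every account's authorized_keys on each host; a baseline kept only on the compromised host is worthless, which is the comment's point about remote logging.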