disaster recovery after rootkit -> MySQL and user accounts
lists at visionsix.com
Wed Apr 23 13:50:33 PDT 2003
----- Original Message -----
From: "Dave [Hawk-Systems]" <dave at hawk-systems.com>
To: <freebsd-isp at freebsd.org>
Sent: Wednesday, April 23, 2003 3:14 PM
Subject: disaster recovery after rootkit -> MySQL and user accounts
> the new server is FreeBSD and this is an ISP hosting environment...
> that it doesn't really fit this group, but figured would have a good
> hitting someone in here with some pearls of wisdom.
> Recently inherited a Debian Linux box from a small ISP. While it was
> to transfer everything over to our chosen platform (FreeBSD) we notices
> peculiarities. Evidently one of the previous "sysadmins" had given out
> login information to allow people to fix their own problems. Sure
> the server and somone had installed a root kit, dont' a poor job, and
> box was melting down.
> 1) Mysql won't start due to all the corrupted libraries. While I can
> the data files from the data directory, not sure how or if we could
> this back into mysql on the new server and still have mysql
> permissions still in place (there are about 30 databases)
> So far, the entire system is rebuilt with FreeBSD 4.x stable branch,
> information we are moving over from the old server is
> - user public_html directories (chowned and chmodded to the users
> - portions of the httpd.conf (namely virtualhost containers) edited as
> - mysql databases
> any vulnerabilities that could be transported as a result of moving this
> information over?
> thanks for any help or direction with the above issues.
I moved from RH Linux to FreeBSD and it seems that I just shut down MySQL
tar'd the MySQL database directory and untarred on the new FreeBSD server.
Had no problem with the user table or anything of the sort. While this
doesn't cover everything it perhaps will help on the MySQL aspect of
Another thing I could say is to look at putting the VirtualHost lines in a
separate directory when you have time and doing an include statement
within the httpd.conf file. It makes things much more portable
More information about the freebsd-isp