disaster recovery after rootkit -> MySQL and user accounts

[Jamie Heckford]

> unfortunately because of the corruption of various shared 
> libraries and so forth as a result of the attack, the mysql 
> daemon (in addition to a mitfull of other standard services) 
> will not start.
> 

Surely if you still have most of the data on the drive then you can look
for the RPM database and find out what version was installed on there?
Similar to the /var/db/pkg on FreeBSD for the ports.

Jamie