disaster recovery after rootkit -> MySQL and user accounts
jamie at tridentmicrosystems.co.uk
Thu Apr 24 07:36:28 PDT 2003
> unfortunately because of the corruption of various shared
> libraries and so forth as a result of the attack, the mysql
> daemon (in addition to a mitfull of other standard services)
> will not start.
Surely if you still have most of the data on the drive then you can look
for the RPM database and find out what version was installed on there?
Similar to the /var/db/pkg on FreeBSD for the ports.
More information about the freebsd-isp