These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Backing Up The System


Remember that if you are sure the system has been compromised, you cannot trust the software on it or any information that it gives back to you. Applications might have been trojanized, kernel modules might have been installed, etc.

The best thing to do is to make a complete copy of the filesystem after booting from a safe medium. Knoppix CDs are handy for this since they provide a shell in console 2 when the installation is started. The shell can be used to back up the information to another place (for example, a network file server through NFS or FTP) for analysis while the system is offline (or reinstalled).
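
An added example, not part of the original notes: a shell function for the backup step above, to be run from the rescue shell. It copies a partition to an already mounted destination and confirms the copy by SHA-256; the device name, the `/mnt/evidence` mount point and the presence of `sha256sum` on the rescue medium are assumptions.

```shell
#!/bin/sh
# Added example: run from the trusted rescue shell, never from the
# suspect system's own binaries.
# Usage (device and mount point are placeholders, not from the notes):
#   acquire_image /dev/sda1 /mnt/evidence

# acquire_image SRC DEST_DIR
# Copies SRC to DEST_DIR/<name>.img, records its SHA-256, and returns 0
# only when the copy hashes the same as the source.
acquire_image() {
    src=$1
    dest_dir=$2
    img="$dest_dir/$(basename "$src").img"

    if [ ! -r "$src" ] || [ ! -d "$dest_dir" ]; then
        echo "usage: acquire_image SRC DEST_DIR" >&2
        return 2
    fi
    # Never overwrite an image taken earlier.
    if [ -e "$img" ]; then
        echo "$img already exists" >&2
        return 3
    fi
    # A read-write mount changes the disk while it is being copied.
    if [ -r /proc/mounts ] && awk -v d="$src" \
        '$1 == d && $4 ~ /(^|,)rw(,|$)/ { f = 1 } END { exit !f }' /proc/mounts
    then
        echo "$src is mounted read-write; unmount it first" >&2
        return 3
    fi

    src_sum=$(sha256sum < "$src") || return 4
    src_sum=${src_sum%% *}
    dd if="$src" of="$img" bs=65536 || return 4   # stops on a read error
    img_sum=$(sha256sum < "$img") || return 4
    img_sum=${img_sum%% *}

    if [ "$src_sum" != "$img_sum" ]; then
        echo "hash mismatch: source changed or copy is damaged" >&2
        return 5
    fi
    # Store the digest next to the image so 'sha256sum -c' can recheck it.
    printf '%s  %s\n' "$img_sum" "$(basename "$img")" > "$img.sha256"
    chmod 444 "$img" "$img.sha256"
}
```

Analysis should then work on the image (or a copy of it), and the stored digest lets you confirm later that the image has not changed.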

If you are sure that there is only a trojan kernel module, you can try to run the kernel image from the CD in rescue mode. Make sure to also start up in single-user mode so that no other trojan processes run after the kernel.

For review, see the relevant sections on backups from the second UNIX course classnotes: UNIX02



Last edited June 28, 2003 4:17 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.