[kwlug-disc] Ransomware in Gentoo
B. S.
bs27975 at gmail.com
Fri Mar 31 11:44:30 EDT 2017
First, backups.
Second, interesting timing ... -just- did a quick run through 'The
Debian Administrator's Handbook' https://debian-handbook.info/
Areas that cross-check against your message:
(Chapter 14)
- logcheck
- auditing packages
- monitoring files: AIDE
- detecting intrusion
- much else in there.
I took a quick boo at your link, and saw the observation to limit
outgoing destination ports, presumably to limit phoning home. (iptables)
Consider the set of files impacted - any one user, or all. i.e. Did they
get in as root, or www-data, or more/less.
Might clue you in as to how it landed.
I would expect most such come in via one's web browsing, but then
ability to impact outside of the browser processes was supposed to be
browser limited AFAIK. Something escaped?
On 03/31/2017 11:10 AM, Joe Wennechuk wrote:
> I saw this link on reddit.
> https://forums.gentoo.org/viewtopic-t-1060828.html
>
>
> I have never run any antivirus or anything on my linux box. Does anyone
> know how this got into this users machine, and/or how I should be
> protecting my home, and work environments using Linux?
>
>
>
>
> Joseph Wennechuk
> Phone: (226) 505-4812
> https://www.linkedin.com/pub/joseph-wennechuk/4/b59/382
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
More information about the kwlug-disc
mailing list