[Wine] Re: Crazy (and just maybe awesome) idea: Winux

oiaohm wineforum-user at winehq.org
Wed Mar 10 04:05:34 CST 2010


> Mmmmmm ... speaking as a Unix sysadmin: if a work Unix box got
> rootkitted, I would in fact just blow it away and carefully restore
> data from backups. It's not like reinstallation is that hard or takes
> that long, and I'd feel much more reassured of my system's clean state
> than I would trying to clean a known dirty one. Your mileage may vary. 


True for closed source to just blow away. The result of a binary audit is a system exactly the same as if you had clean installed. File permissions and all get cleared and reset.

The binary compare method is slightly slower on the install, but it salvages data.

The problem here is training. Running honey pots, you have to be able to dissect the system.

There is another reason why you run a package binary compare install. If you know a system is breached and nothing has been tampered with, you know a reinstall of the same OS is going to get you nowhere. Something else has entered the system.

The problem with the nuke method: you don't know how you have been breached. Truthfully, think about it. How can you protect yourself if you don't know where you have been defeated?

I am way more unhappy with a nuked system than a binary compared one. At least with a binary compared one I have a list of files to go through to locate more information on how the intruder got in.

Yes, the difference between people running honey pots. It is a higher level of training.

I have seen people using the nuke method wonder why the attack keeps on coming back, since the cleanly installed systems were not protected from the attack because they did not know the attack they were dealing with.

Honey pot methods are highly useful tools.

clamfs is practical under wine.
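
The package binary compare described in this message, as an added example that is not part of the original post: it checks each file's SHA-256 and permission bits against a known-good manifest and returns the list of files to go through. The function names, the manifest layout and the sample tree are assumptions constructed for illustration, not any package manager's own format.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def fingerprint(path):
    """Return (sha256 hex, permission bits); symlinks are hashed by target name."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        data = os.readlink(path).encode()
    elif stat.S_ISREG(st.st_mode):
        data = Path(path).read_bytes()
    else:
        data = b""  # FIFOs, device nodes: only the mode is compared
    return hashlib.sha256(data).hexdigest(), stat.S_IMODE(st.st_mode)

def snapshot(root):
    """Manifest {relative path: (sha256, mode)} for every file under root."""
    return {os.path.relpath(os.path.join(d, n), root): fingerprint(os.path.join(d, n))
            for d, _dirs, names in os.walk(root) for n in names}

def audit(root, manifest):
    """Compare the tree at root with a known-good manifest."""
    current = snapshot(root)
    found = {"modified": [], "mode_changed": [], "missing": [], "unexpected": []}
    for rel, (digest, mode) in sorted(manifest.items()):
        if rel not in current:
            found["missing"].append(rel)
            continue
        if current[rel][0] != digest:
            found["modified"].append(rel)
        if current[rel][1] != mode:
            found["mode_changed"].append(rel)
    found["unexpected"] = sorted(set(current) - set(manifest))
    return found

def demo():
    """Constructed sample tree: snapshot it, tamper with it, audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("bin/login", "bin/ls", "etc/conf"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            Path(path).write_bytes(b"original")
            os.chmod(path, 0o644)
        good = snapshot(root)  # in practice: built from trusted package media
        Path(root, "bin/login").write_bytes(b"replaced")  # content change
        os.chmod(os.path.join(root, "etc/conf"), 0o666)   # permission change
        os.remove(os.path.join(root, "bin/ls"))           # deleted file
        Path(root, "bin/.hidden").write_bytes(b"")        # file not in manifest
        return audit(root, good)
```

On a real system the manifest has to come from trusted package media and the audit should run from a clean boot environment, because a rootkit can hide changes from tools run on the compromised kernel.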






