Ebury SSH root kit - RAID swap question

Fairlight fairlite at fairlite.com
Mon Mar 17 14:10:16 PDT 2014 

Depends on whether or not your system is seeing the drive by-device,
meaning by the UUID for the array.  If so, you may need to change the grub
menu as well.  This is most often a hazard when dealing with VMs
(especially under VirtualBox), but it's possible it could be hit in other
ways.

mark->

On Mon, Mar 17, 2014 at 05:05:58PM -0400, scooter6 at gmail.com thus spoke:
> Guess I'll just need to add the user 'filepro' on the new system - as well
> as edit /etc/fstab for the 2nd RAID, etc right?
> 
> 
> On Mon, Mar 17, 2014 at 4:57 PM, Robert T. Repko <rtr at rsquared.com> wrote:
> 
> > The RAID information is stored on the drives themselves, not the
> > controller.  So you should be able to swap the drive with no problem.
> >
> > From: filepro-list-bounces+rtr=rsquared.com at lists.celestial.com [mailto:
> > filepro-list-bounces+rtr=rsquared.com at lists.celestial.com] On Behalf Of
> > scooter6 at gmail.com
> > Sent: Monday, March 17, 2014 3:15 PM
> > To: filepro-list at lists.celestial.com
> > Subject: OT: Ebury SSH root kit - RAID swap question
> >
> > So apparently my CentOS 5.10 / filePro 5.6.10D4 server has been infected
> > with the Ebury SSH rookit trojan.....where everywhere I look since you
> > should do a fresh OS install as the only known completely safe fix....
> >
> > My question is - I have two identical Dell Poweredge 2850's - same drives,
> > same CPU's (2 Xeon 3.20GHz processors) I have the infected system set with
> > two RAID 1's -- first for OS and 2nd for filepro and data Can I build a
> > RAID 1 on the 'second' server, install the OS and swap JUST the OS drives
> > with the infected system?
> > (I know I'll have to add users, etc) but can I do this as 'simply' as it
> > sounds?
> > My concern would be the RAID being read on the 'new' server, even though
> > it's built the same with the same idential drives, etc....
> >
> > Is this possible?
> >
> > thanks
> >
> > Scott
> > PDM
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > http://mailman.celestial.com/pipermail/filepro-list/attachments/20140317/af9a0d54/attachment.html
> > _______________________________________________
> > Filepro-list mailing list
> > Filepro-list at lists.celestial.com
> > Subscribe/Unsubscribe/Subscription Changes
> > http://mailman.celestial.com/mailman/listinfo/filepro-list
> > This email was scanned for viruses by ClamAV AntiVirus.
> >
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://mailman.celestial.com/pipermail/filepro-list/attachments/20140317/ab17c258/attachment.html 
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
> 

-- 
Audio panton, cogito singularis.

More information about the Filepro-list mailing list