I am looking for some instructions or guidelines to use in rebuilding a Unix machine that has been compromised. If anyone knows of any links to pages that cover either rebuilding or re-installing the OS, please share.


You might start here, where you'll find lots of experts on Unix as well as links to blogs dealing in just Unix. Go to:

I'm not a Unix guy, so this is all I can offer. Good luck!

Are you looking to save what is currently on the system or start from scratch?

The first steps are identifying what, if anything, was affected and might still be causing damage.

Look in /tmp, /var/run, /var/tmp. Check for any process that you know shouldn't be running or anything that looks suspicious (like eggdrop).

Change your passwords (all of them).

If what's on the box doesn't matter much, I'd reformat and reinstall.

If the box has been compromised, save your data, and reinstall. That's the only real way to ensure that there aren't remnants from some r00tkit lying around.
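
A read-only sketch of the triage suggested earlier in the thread (checking /tmp, /var/run and /var/tmp, and looking for processes that should not be running), added here as an example and not posted by anyone in the thread. It assumes a Linux-style /proc; the function names and the extra /run path are this example's own choices.

```shell
#!/bin/sh
# Added triage sketch, not from the thread. Read-only: it lists, never deletes.
# Assumption: a Linux-style /proc is available for the process check.

# List hidden entries and executable regular files under the given directories.
scan_tmp_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue          # skip paths that do not exist
        find "$d" -xdev \( -name '.*' -o \
            \( -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \) \) \
            -print 2>/dev/null || true   # unreadable subdirectories are ignored
    done
    return 0
}

# Classify the target of a /proc/<pid>/exe link.
# Prints "deleted" (binary removed from disk while still running),
# "tmp" (binary lives in a temp/run directory), or nothing.
classify_exe() {
    case "$1" in
        *" (deleted)") echo deleted ;;
        # /run is included because /var/run is usually a symlink to it
        /tmp/*|/var/tmp/*|/var/run/*|/run/*) echo tmp ;;
    esac
    return 0
}

# Walk /proc and report: pid, reason, path of the running binary.
suspicious_procs() {
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue  # kernel thread or no access
        why=$(classify_exe "$exe")
        if [ -n "$why" ]; then
            printf '%s\t%s\t%s\n' "${p#/proc/}" "$why" "$exe"
        fi
    done
    return 0
}

# Run only when directories are passed on the command line, e.g.
#   sh triage.sh /tmp /var/run /var/tmp
if [ "$#" -gt 0 ]; then
    echo "== hidden or executable files =="
    scan_tmp_dirs "$@"
    echo "== processes running from temp dirs or deleted binaries =="
    suspicious_procs
fi
```

Run it as root so every /proc entry is readable. Treat the output as a starting point only: a rootkit can hide files and processes from `find` and `/proc`, which is why the thread's advice to save data and reinstall still stands.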