Well, instances like this require a CYA letter to the client. If a client
doesn't agree with your direction, then the ball is in their court as you've
told them what needs to be done.
Customers get what they deserve.
On 8/31/05 12:52 PM, "Ted Dively" wrote:
> On Aug 31, 2005, at 12:32 PM, Dan Shoop wrote:
>
>> Most likely the reboot will clear out user mode worms, since they
>> don't actually compromise the system, just the user. The worm would
>> have needed to compromise teh system itself to write any startup
>> files. Though many bad applications wonk permissions on /Library/
>> StartupItems. All user files should be scrutinized so that they
>> don't have any login startup items that will restart it.
>
> Thanks for the advice, Dan. As I mentioned to a couple of folks off-
> list, it would be politically difficult to take down the server and
> wipe/install, although it could be done if really necessary. For now,
> simply removing the build of PsyBNC and the file stuck in /tmp seems
> to have cleared up the problem. In the meantime, I'll continue
> scanning the machine and users, plus monitor it, and should any other
> funny business manifest, I'll force the client to let me rebuild the
> box from scratch. <sigh>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
