Of course, they rebuilt servers from scratch
Linux Security sat on a wall.
Linux Security had a great fall.
All the king’s horses,
And all the king’s men,
Couldn’t get Security back together again.
With Linux not going through the formality of keeping logs that can’t be changed by a root user, there is no way an audiit about what really happened can be conducted, so indeed, the best way is to nuke everything and start over.
“Re-securing a compromised Linux system is very difficult. Intruders usually
leave startup traps, trap doors, and trojan horses in ...