0

My ubuntu got hacked, and I want to use my /home and /etc if possible.

(assuming there's no executable file I need to run there)

Would it be a bad idea to do copy those folders from the hacked machine to new system?

(ie, is it ok to copy not executable files over?)

edit

I don't know much about how my system got hacked but the little I know is described here.
Why is elasticsearch user running SSHD?

Community
  • 1
eugene
  • 317
  • 3
  • 13
  • 2
    How did it got *"hacked"*? – gronostaj Aug 17 '14 at 12:12
  • My Linuxese is pretty rusty, but there are various routing and config files in both directories that could have been hacked, in the most extreme case. It would probably be safest to copy only those files you need and can verify as being safe. Note that you can safely put the directories on your box under other names, so you can check them for files you need and vet the files as you need them. – Daniel R Hicks Aug 17 '14 at 13:16
  • There are plenty of executable elements in `/etc` - startup scripts, interface scripts, udev rules etc. Same goes for `/home`. Login profiles for example. – Paul Aug 17 '14 at 14:00
  • @gronostaj: I updated the question – eugene Aug 18 '14 at 01:31

1 Answers1

-1

To be completely safe only Copy the file that are safe for sure. Those are the files you created like source code and your media files.

I cannot tell you what exactly was affected but since the maleware was running it probably has left some files in the /etc folder or any subfolder. Only copy the configurations that you manually changed since most of the files in that directory are automatically generated after you installed some programs.

Noa Sakurajin
  • 69
  • 2