My Raq 4i was hacked last night and I had the server restored. I have weekly backups of the following directories:
The first thing I did was restore the directories from my backup. Stupid me did not save off the originals. I later found that I probably only wanted to restore the /home directory and part of the /etc directory. By restoring all directories, I overlaid some crucial files and created an out-of-sync condition. The net result was my Control Panel was dead and I could not restart Apache. I had to start over and once again get my server restored. Before I do anything else, I will back up the directories. My questions are:
1) Is it safe to restore the entire /home directory?
2) What parts of /etc do I need to restore? I am sure I must get httpd.conf and access.conf, but I am not sure what else. The more specific the answer, the better.
3) Should I install PHP/MYSQL/RAQ Security updates before I do the above restores?
4) Are there any other pitfalls that could cause me problems?
While it may be possible to just restore /home and run meta verify, I don't think that's a reliable method. On a plain-jane Linux box the /home & /etc scenario probably works, but on the Cobalt RaQ the control panel GUI and associated PostgreSQL database are very picky. If you want to be assured of success, do it manually:
Create a site manually in the GUI.
Create the site users via the GUI.
Restore the individual site files from backups.
Restore individual site user's mail spools from backups.
Repeat for each site.
Restore /etc/named/records from backup, only if your IP setup is identical. Access the DNS GUI and save out to rebuild the zone files.
In the future, use a CMU based backup routine (like raqbackup.sh). It works wonders.
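The point both posts circle around is that a whole-tree restore overlays control-panel state that the backup cannot safely replace, while a per-site restore of only the files you own does not. The script below is an added example, not code from either poster or from Cobalt; it shows the mechanics of a selective restore: pull only an allow-list of paths out of the backup archive into a staging directory, list what was staged, and compare it against the live tree before anything is copied over. The archive contents, the `etc/httpd/conf/httpd.conf` location, and `etc/cobalt/panel.db` as a stand-in for the control panel's own state are all constructed for the demo (the real RaQ layout is not given on this page). It runs with plain POSIX sh and tar.

```shell
#!/bin/sh
# Added example, not code from the thread. Selective restore of an allow-list of
# paths from a backup archive into a staging directory for review, instead of
# overlaying the whole archive onto the live filesystem.
# Every path, file and the archive itself is constructed for this demo.

WORK="${TMPDIR:-/tmp}/selective-restore-demo.$$"

# Build a constructed "weekly backup" archive: site content, web server config,
# DNS records, and a stand-in for the control panel's private state.
make_demo_backup() {
    src="$WORK/src"
    mkdir -p "$src/home/sites/site1/web" \
             "$src/etc/httpd/conf" \
             "$src/etc/named/records" \
             "$src/etc/cobalt"
    printf '<html>site1</html>\n'        > "$src/home/sites/site1/web/index.html"
    printf 'ServerName example.test\n'   > "$src/etc/httpd/conf/httpd.conf"
    printf 'example.test. IN A 192.0.2.10\n' > "$src/etc/named/records/example.test"
    printf 'gui-state\n'                 > "$src/etc/cobalt/panel.db"  # assumed panel state: never restore
    ( cd "$src" && tar cf "$WORK/weekly.tar" home etc )
    printf '%s\n' "$WORK/weekly.tar"
}

# selective_restore ARCHIVE STAGE MEMBER...
# Extracts only the named archive members (files or whole directories) into
# STAGE. Nothing is written outside STAGE, so the live system is untouched.
selective_restore() {
    archive="$1"; stage="$2"; shift 2
    mkdir -p "$stage"
    ( cd "$stage" && tar xf "$archive" "$@" )
}

# staged_files STAGE: prints the relative paths of every staged file, sorted.
staged_files() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort )
}

# review_diff STAGE LIVE: one line per staged file that is missing from, or
# differs from, the live tree. These are the files a restore would change.
review_diff() {
    stage="$1"; live="$2"
    staged_files "$stage" | while IFS= read -r rel; do
        if [ ! -f "$live/$rel" ]; then
            printf 'MISSING  %s\n' "$rel"
        elif ! cmp -s "$stage/$rel" "$live/$rel"; then
            printf 'CHANGED  %s\n' "$rel"
        fi
    done
}

cleanup() { rm -rf "$WORK"; }

# Demo run: stage the site tree and httpd.conf only. The DNS records and the
# panel state are deliberately left in the archive.
ARCHIVE=$(make_demo_backup)
STAGE="$WORK/stage"
selective_restore "$ARCHIVE" "$STAGE" home etc/httpd/conf/httpd.conf

# Constructed "live" tree standing in for the freshly restored server, where
# httpd.conf has been altered relative to the backup.
LIVE="$WORK/live"
mkdir -p "$LIVE/etc/httpd/conf"
printf 'ServerName tampered\n' > "$LIVE/etc/httpd/conf/httpd.conf"

echo "staged files:"
staged_files "$STAGE"
echo "review against live tree:"
review_diff "$STAGE" "$LIVE"
```

Running it stages two files (`etc/httpd/conf/httpd.conf` and `home/sites/site1/web/index.html`), leaves `etc/cobalt` and `etc/named` untouched, and the review reports one CHANGED and one MISSING entry. Only after reading that report would you copy individual files from the staging directory into place.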