1. Our host name was changed.
2. Many new programs appeared in the /etc area.
3. The execute permission of /etc/hosts, /etc/hosts.allow, /etc/hosts.deny and many other files had been changed: they were made executable.
The first thing that needs to be done is to recover the root password. To do that, follow our earlier blog post: http://computationalgenomicsiicb.blogspot.in/2012/12/resetting-root-password-in-rh-linux.html
Once the root password is recovered, check the files under the /etc directory, check the executable file paths and find the newly installed executables. Fix the /etc/hosts file and the /etc/sysconfig/network file, then run /etc/rc.d/init.d/network restart to restart the network. Change the permissions of most of the /etc files that were made executable back to plain read-write mode.
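The /etc check described above, as an added example that is not part of the original post: it lists the files that carry an execute bit, optionally only those changed recently, and removes the execute bit from a list you have reviewed. The function names and the pruned directory names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the pruned directory names below are ones that normally hold
# scripts; extend the list for your distribution.

# exec_files ROOT [DAYS]
# Print regular files under ROOT that have any execute bit set. With DAYS,
# keep only files whose inode changed within that many days: chmod updates
# ctime but not mtime, so -ctime is what catches a permission flip.
exec_files() {
    root=$1
    days=${2:-}
    set -- "$root" \
        -type d \( -name init.d -o -name 'rc*.d' -o -name 'cron.*' \
                   -o -name network-scripts \) -prune \
        -o -type f \( -perm -100 -o -perm -010 -o -perm -001 \)
    if [ -n "$days" ]; then
        set -- "$@" -ctime "-$days"
    fi
    find "$@" -print | sort
}

# strip_exec: read a reviewed list of paths on stdin (one per line) and
# remove only the execute bits. Read/write bits are left untouched, so a
# restrictive mode such as 0600 is not widened.
strip_exec() {
    while IFS= read -r f; do
        [ -f "$f" ] || continue
        chmod a-x "$f"
    done
}

# Stand-alone use:  sh audit.sh /etc 7 > review.txt
# After editing review.txt by hand, source this file and run:
#   strip_exec < review.txt
if [ $# -gt 0 ]; then
    exec_files "$@"
fi
```

On an RPM-based system, rpm -Va gives a second view of the same problem: it reports files whose mode differs from what the package database recorded.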
Check your MySQL server. If the root password is stolen, try to recover it by doing the following:
a. Stop the mysqld server using /etc/init.d/mysql stop
b. mysqld_safe --skip-grant-tables & # This starts mysqld with the grant tables skipped, so it will NOT ask for the root password (nor for anyone else's while it runs this way).
c. Log in to mysql without a password: mysql -u root # You will be logged in without a password
d. Then change the root password for mysql using:
mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
e. Then stop mysqld and start it again normally. This will take care of all your changes.