Help, server hacked!!! How do I restore system binaries?
Please check out the LQ FAQ: Security references. The "Compromise, breach of security, detection" part. Like the rest already said: you don't. Use the three R's: repartition, reformat and reinstall from scratch.
How can I restore those but keep everything in /home, /usr/local/apache/, /etc/localdomain, etc?
Verify those files manually, then back up if necessary. Don't back up binaries unless you have external and untaintable means of verifying integrity.
You will have to do some heavy scrutinizing on all data you restore.
Please don't use backups unless you have external and untaintable means of verifying integrity.
If you have an rpm-based system, check out the --verify option to rpm. This will give you some indication of what is wrong.
...that is, if the system, binaries and rpm database can be trusted (which you can't unless you boot FIRE/PSK/Knoppix/distro bootcd with the rpm and (verified clean) db's on ro media). Besides, the rpm db doesn't pick up stuff installed or added outside of it. That's where Aide, Samhain or Tripwire come in...
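Added example, not part of the thread: a small Python triage of `rpm -Va` output that separates changed packaged binaries from routine config and doc changes. The sample lines are constructed, the function names are hypothetical, and the result is only meaningful when rpm and its database were run from trusted read-only media as the last reply describes; files installed outside rpm are not covered.

```python
import re

# Constructed sample of `rpm -Va` output (not taken from a real host).
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.M.......    /usr/bin/passwd
missing      /usr/bin/top
.......T.  d /usr/share/doc/bash/README
..5......    /usr/sbin/sshd
"""

# Meaning of each character in rpm's verify string (older rpm prints 8, newer 9).
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}

# <verify string or "missing">  [attribute marker c/d/g/l/r]  <absolute path>
LINE = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
                  r"(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")


def parse(output):
    """Turn raw `rpm -Va` text into a list of {path, attr, changed} records."""
    findings = []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # error text or anything that is not a verify line
        flags = m["flags"]
        changed = (["missing"] if flags == "missing"
                   else [FLAGS[c] for c in flags if c in FLAGS])
        findings.append({"path": m["path"], "attr": m["attr"], "changed": changed})
    return findings


def triage(findings):
    """Paths of non-config, non-doc files that are missing or whose
    content, permissions, ownership or capabilities differ from the package."""
    suspicious = {"missing", "digest", "mode", "user", "group", "capabilities"}
    return [f["path"] for f in findings
            if f["attr"] not in ("c", "d", "g") and suspicious & set(f["changed"])]


if __name__ == "__main__":
    for path in triage(parse(SAMPLE)):
        print("inspect:", path)
```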