Re: I'm afraid I've been cracked.
hi ya william
yes....true that grepping is kinda silly....but i just want to see if
anybody even tried...am gambling that most try but fail to get in...
( assuming too that they did not modify the log files and binaries etc
( to hide themselves
i need to add *grep and lsof to that list to get a checksum of the
binaries....even simple ls -l of the binaries is a good start
and more importantly...save your "valuable data" on a 2nd system elsewhere
rootkits are getting very good at hiding themselves... i think...
getting harder to find if and how they got in...
c ya
alvin
http://www.Linux-Consulting.com/Lsec......
our very first.."securityfest" to try to break into or defend virgin
linux installs...
On Wed, 27 Sep 2000, William T Wilson wrote:
> On Wed, 27 Sep 2000, Alvin Oga wrote:
>
> > egrep -i "failed|failure|refused|not allowed|illegal port|blocked|denied|passwd" \
> > /var/log/messages*
>
> There is not much to gain by this. If the information is found in your
> logfile, they didn't get in :}
>
> > check the binaries too...
> > top, ps, ls, last, w, who, netstat, passwd, login, etc...
>
> Absolutely do this. I've seen rootkits these days that modify the startup
> scripts too.
>
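The binary check discussed in this thread, as an added example that is not part of either poster's message: it records SHA-256 checksums of the listed tools (plus grep and lsof) and later reports which ones changed or disappeared. It assumes GNU coreutils `sha256sum`; the function names `resolve_tools`, `snapshot` and `changed` are hypothetical.

```shell
#!/bin/sh
# Added example: checksum baseline for the binaries named in the thread.
# Assumes GNU coreutils sha256sum. On a host that may already be compromised,
# run this (and sha256sum itself) from known-good media and keep the baseline
# on a second system, since a rootkit can replace these tools too.
TOOLS="top ps ls last w who netstat passwd login grep egrep lsof"

# resolve_tools [DIR]: print the path of each tool that exists.
# With DIR, look only in DIR; otherwise search PATH.
resolve_tools() {
    for t in $TOOLS; do
        if [ -n "${1:-}" ]; then
            p="$1/$t"
        else
            p=$(command -v "$t" 2>/dev/null) || continue
        fi
        if [ -f "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# snapshot [DIR]: write "checksum  path" lines to stdout.
snapshot() {
    resolve_tools "${1:-}" | while IFS= read -r f; do
        sha256sum "$f"
    done
}

# changed BASELINE: print the path of every file whose checksum no longer
# matches or that has gone missing. Prints nothing when all match.
# sha256sum exits non-zero on a mismatch; the listed paths are the result here.
changed() {
    { LC_ALL=C sha256sum -c --quiet "$1" 2>/dev/null || true; } |
        sed -n 's/: FAILED.*$//p'
}

# Stand-alone use: "baseline" prints a snapshot (redirect it to off-host
# storage), "verify FILE" lists what differs from that snapshot.
case "${1:-}" in
    baseline) snapshot ;;
    verify)   changed "$2" ;;
esac
```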