
Re: How to know if a machine was hacked?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jun 05, 2003 at 06:09:07AM +0100, Damir Dezeljin wrote:

> Is there any way to find out if a certain Debian Woody machine was hacked?

Well, have you made any of your own patches for software on your
system?  Anybody else with an account?

Oh, you mean cracked...start looking through /var/log/syslog* at the
very least.  Look for anything unusual.  I recommend installing
logcheck, ippl, and integrit to help keep track of activity on your
system.  Running chkrootkit might not be a bad idea.  If you're not
confident that you *weren't* cracked, format and reinstall from
scratch, you can't trust the system until you do.  I don't recommend
restoring anything but /home from backup if you don't know what changed.


hack: http://ursine.ca/jargon/html/H/hack.html
crack: http://ursine.ca/jargon/html/C/crack.html

- -- 
 .''`.     Baloo Ursidae <baloo@ursine.ca>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+3wv+J5vLSqVpK2kRAkd8AKDb0/8yGuPlzHgLh82rh8dv1eXO/gCgpRyL
T0prBeIHX03hYGhnLPrPtl4=
=fpph
-----END PGP SIGNATURE-----
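
The message above recommends integrit to keep track of what changes on a system. The following is an added example, not part of the original message and not integrit's own code, showing the baseline-and-compare idea such a tool rests on; the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: baseline-and-compare file integrity check (the idea behind
# integrit). Function names, paths and the sample tree are assumptions.

# make_baseline DIR OUT: write "sha256  ./path" for every regular file in DIR.
# Keep OUT outside DIR, ideally on read-only or off-host media.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# compare_baseline DIR BASELINE: print ADDED/CHANGED/REMOVED lines.
# Returns 0 on match, 1 on any difference, 2 if the baseline is unusable.
# Limitation: paths containing backslashes or newlines are not handled.
compare_baseline() {
    # Fail closed: an empty or missing baseline must never read as "clean".
    [ -s "$2" ] || { echo "baseline missing or empty: $2" >&2; return 2; }
    cur=$(mktemp) || return 2
    make_baseline "$1" "$cur"
    report=$(awk '
        # Digest is 64 hex chars, then two separator chars, then the path.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old)) print "ADDED " path
          else if (old[path] != hash) print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Demo on a constructed tree (not real system files).
demo() {
    d=$(mktemp -d) && b=$(mktemp) || return 2
    mkdir "$d/bin" && echo 'original ls' > "$d/bin/ls" && echo 'ps' > "$d/bin/ps"
    make_baseline "$d" "$b"
    echo 'modified ls' > "$d/bin/ls"      # changed binary
    rm "$d/bin/ps"                        # removed file
    echo 'x' > "$d/bin/.hidden"           # new unexpected file
    compare_baseline "$d" "$b" && rc=0 || rc=$?
    rm -rf "$d" "$b"
    return "$rc"
}
```

A comparison only means something if the baseline was taken before any suspected compromise and stored where an intruder could not rewrite it. Run on the suspect host itself, the result also depends on that host's own `sha256sum`, `find` and kernel being honest.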


