Re: Hacked or not ?
From: Alex Povolotsky (tarkhil_at_webmail.sub.ru)
Date: 06/12/04
- Previous message: Thordur Ivar: "Re: Hacked or not appendice"
- In reply to: Peter Rosa: "Re: Hacked or not ?"
- Next in thread: Alexander Yeremenko: "Re: Hacked or not ?"
- Reply: Alexander Yeremenko: "Re: Hacked or not ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 12 Jun 2004 17:50:35 +0400 To: freebsd-security@freebsd.org
On Sat, 12 Jun 2004 14:39:21 +0200
"Peter Rosa" <prosa@pro.sk> wrote:
PR> But what about the /var/log/messages logs absence ?
PR> And, how to test the machine, if it is healthy ?
Boot from CD and compare md5 checksums on system files. That's the first step.
Compare your kernel sources with clean ones, rebuild kernel and compare it with the running one. If you're running GENERIC, compare it with the distributed one.
Compare /modules directory with distribution one.
Check your (and system) .profile or .login etc.
After this step, you should have reasonably clean system.
-- Alex. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Thordur Ivar: "Re: Hacked or not appendice"
- In reply to: Peter Rosa: "Re: Hacked or not ?"
- Next in thread: Alexander Yeremenko: "Re: Hacked or not ?"
- Reply: Alexander Yeremenko: "Re: Hacked or not ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
