Re: How to tell if I've been hacked?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Check for failed logins in /var/log/messages

Check if the /etc/passwd file have been changed

Use commands like last, w and uptime.



2009/8/19 Eduardo Grosclaude <eduardo.grosclaude@xxxxxxxxx>
On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell<centos@xxxxxxxxxxxxx> wrote:
> You cannot trust tools like ``ps'', ``find'', ``netstat'', and
> ``lsof'' as these are frequently replaced by ones that are
> modified to hide the cracker's work.

As a corollary, the only safe way to audit a suspected system is
booting your diagnostic tool from known good media (eg try a security
Live CD distro)

--
Eduardo Grosclaude
Universidad Nacional del Comahue
Neuquen, Argentina
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux