Also processes you think you DO recognize:
Just for testing how alert my co-workers were, I had a program called
kswapd, just calculating prime-numbers...
They never noticed. ;-)
Without any preparation it's harder. No point in installing tripwire,
activating apparmor/selinux afterwards.
On Sat, Aug 22, 2009 at 6:07 PM, Bill Campbell cen...@celestial.com wrote:
On Sat, Aug 22, 2009, Dave wrote:
On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell cen...@celestial.com wrote:
I review daily reports from over 50 systems every morning, checking changes
found, usually taking no more than 10
On Tue, Aug 18, 2009 at 3:53 PM, Scott Ehrlich srehrl...@gmail.com wrote:
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
This is an interesting and frustrating
On Fri, Aug 21, 2009, Dave wrote:
On Tue, Aug 18, 2009 at 3:53 PM, Scott Ehrlich srehrl...@gmail.com wrote:
... stuff deleted
On Tue, Aug 18, 2009 at 6:57 PM, Bill Campbell cen...@celestial.com wrote:
To really know whether a system has been hacked, it's necessary
to use something like Tripwire
On 08/19/2009 02:53 AM, Scott Ehrlich wrote:
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
there have been some really good ideas that came through this
On Sat, Aug 22, 2009, Dave wrote:
On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell cen...@celestial.com wrote:
I review daily reports from over 50 systems every morning, checking changes
found, usually taking no more than 10 minutes a day. The key is to keep
the reports simple, and to make
On Sat, Aug 22, 2009 at 10:49 AM, Bill Campbell cen...@celestial.com wrote:
On Fri, Aug 21, 2009, Dave wrote:
On Tue, Aug 18, 2009 at 3:53 PM, Scott Ehrlich srehrl...@gmail.com wrote:
... stuff deleted
On Tue, Aug 18, 2009 at 6:57 PM, Bill Campbell cen...@celestial.com wrote:
To really know
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Ryan Pugatch
Sent: Wednesday, August 19, 2009 5:23 AM
To: CentOS mailing list
Subject: Re: [CentOS] How to tell if I've been hacked?
Christopher Chan wrote:
Scott Ehrlich wrote
Also processes you think you DO recognize:
Just for testing how alert my co-workers were, I had a program called
kswapd, just calculating prime-numbers...
They never noticed. ;-)
Without any preparation it's harder. No point in installing tripwire,
activating apparmor/selinux
Check for failed logins in /var/log/messages
Check if the /etc/passwd file has been changed
Use commands like last, w and uptime.
2009/8/19 Eduardo Grosclaude eduardo.groscla...@gmail.com
On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell cen...@celestial.com
wrote:
You cannot trust tools
On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell cen...@celestial.com wrote:
You cannot trust tools like ``ps'', ``find'', ``netstat'', and
``lsof'' as these are frequently replaced by ones that are
modified to hide the cracker's work.
As a corollary, the only safe way to audit a suspected system
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
Thanks.
Scott
Scott Ehrlich wrote:
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
rpm -Va is a good start for modified binaries/libraries.
rootkit detectors is another
Christopher Chan wrote:
Scott Ehrlich wrote:
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
rpm -Va is a good start for modified binaries/libraries.
Ryan Pugatch wrote:
Christopher Chan wrote:
Scott Ehrlich wrote:
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
rpm -Va is a good start
On Tue, Aug 18, 2009, Scott Ehrlich wrote:
There is a lot of talk about the vulnerable Linux kernel. I'm simply
wondering the telltale signs if a given system has been hacked?
What, specifically, does a person look for?
To really know whether a system has been hacked, it's necessary
to use