 | | | Linux Security Resources | Linux Security Resources 2004-09-22 - By Scot L. Harris
Back
On Wed, 2004-09-22 at 16:10, Tim Huffman wrote:
> Can anybody point me to some good resources on Linux (especially RedHat)
> security? I'm a fairly new admin, and it looks like one of the boxes I'm
> taking care of was at least party compromised.
>
> What's the best way to see how badly the server was compromised? Is
> there any way to salvage it, or should I wipe it?
>
> I appreciate any help you guys can give me. Thanks!
>
> -Tim
You can try running chkrootkit. It may identify specific root kits if
they were installed.
However if you really suspect the system was compromised the only real
way to ever be sure the system is secure again is to do a re-install.
Even if the chkrootkit comes back clean a really good hacker might not
leave any traces.
When you re-install you will want to review your firewall settings on
the server as well as at the demark and you should consider installing
tripwire. Tripwire can let you know when certain files change on the
system. In this case it might produce a list of changed files.
And even if you have tripwire and you suspect a system was compromised
it is always recommended to re-install the system.
--
Scot L. Harris
webid@(protected)
Blessed are they who Go Around in Circles, for they Shall be Known as Wheels.
--
Shrike-list mailing list
Shrike-list@(protected)
https://www.redhat.com/mailman/listinfo/shrike-list
|
|
|