Required Reading: Detect and Clean a hacked server (like, not)

Posted 07-26-2006 at 04:47 PM by unSpawn

I wonder what would happen (think newbie) if I trusted information from just one source. Take for instance the "Detect and Clean a hacked server T0rnkit Tutorial", which says I can completely recover a compromised and rootkitted box *just by deleting and installing some tools*. Of course *you* know that's completely wrong (and the comments say that as well) because you've read more docs (or had the experience of having to mop up after a breach). But how about someone who doesn't see the comments? Someone who's in a hurry to "fix things"? Someone who doesn't know CERT or SecurityFocus or any other sites with well-written content?

Here are two CERT docs that should start anyone off in the proper way (scope, tasks, tools):
Intruder Detection Checklist:
Steps for Recovering from a UNIX or NT System Compromise:
LQ FAQ: Security references: for more info.