LinuxQuestions.org

Required Reading: Detect and Clean a hacked server (like, not)

Posted 07-26-2006 at 04:47 PM by unSpawn

I wonder what would happen (think newbie) if I trusted information from just one source? Take for instance the "Detect and Clean a hacked server" T0rnkit Tutorial, which says I can completely recover a compromised and rootkitted box *just by deleting and installing some tools*. Of course *you* know that's completely wrong (and the comments say that as well) because you've read more docs (or had the experience of having to mop up after a breach). But how about someone who doesn't see the comments? Someone who's in a hurry to "fix things"? Someone who doesn't know CERT or SecurityFocus or any other sites with well-written content?

Here are two CERT docs that should start anyone off in the proper way (scope, tasks, tools):
Intruder Detection Checklist: http://www.cert.org/tech_tips/intruder_detection_checklist.html
Steps for Recovering from a UNIX or NT System Compromise: http://www.cert.org/tech_tips/root_compromise.html
---
For more info, see the LQ FAQ: Security references: http://www.linuxquestions.org/questions/showthread.php?threadid=45261