Best thing to do if I get hacked?
Hey. I currently run Debian 4 Etch.
I was wondering the best things to check and possible applications to run on my Debian box if it were to be hacked and a multitude of things became changed.
I assume I could run a chroot kit on my system, as well as use the ps command to see if any new programs are running, but is there anything else I should consider doing both before and after I get hacked? I'm mainly looking for what to do after I get hacked if I failed to protect myself beforehand.
I still feel kind of new to Linux so I am not too sure what all to look for when this sort of intrusion happens.
Example problem I might face: what if the 'ls' command is modified and lies to me about what files are in a directory? How would I be able to fix that?