What security applications should I run after getting hacked?
Hey guys. As one of our last labs, our professor is going to run some evil scripts on our servers and we are supposed to find out what he did, as much as we can.
I will be running chkrootkit, but I wanted some suggestions for other applications to run and what else to check for. If you can give me some suggestions, it will help. Thanks!
Well, at a minimum, I would be checking the permissions on all the system folders, to ensure that they are owned by root where required, and inaccessible to anyone else! That way, unless he cracks your root password, which you should make sure is REALLY strong, he is effectively sandboxed in userland. Other than that, you should turn up your log levels, and monitor them closely for unusual activity.
Thanks irish, that's kinda what I was thinking about the logs.
He probably won't crack my root password, and he knows it -- he gave it, but he will probably replace or remove it and I will have to figure out how to fix it. Single user mode, I know... ummm, other than that... I was thinking he might be changing some of the commands so they lie to me, such as the ls and ps commands, so I backed them up. Otherwise, is there a better way to find out and fix modified commands?
Well, if you make them owned by root, he won't be able to change them without cracking the root password! Of course, your big challenge is hunting down his scripts, and figuring out what they do....
Take a look at some of these: http://blogs.law.harvard.edu/zeroday...ver-hardening/ http://librenix.com/?page=Hardening%20Linux http://www.ubuntu.com/products/whati...tures/security http://boilinglinux.blogspot.com/200...hardening.html
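To turn the two pieces of advice in this thread (check that system files are root-owned and not writable by anyone else; find out whether ls, ps and friends were swapped for lying copies) into something you can actually run, here is an added example. It was not posted by anyone in the thread and is not part of chkrootkit or any of the linked guides. It is a small POSIX shell script that records SHA-256 hashes of a directory tree before the lab, reports what was added, changed or removed afterwards, and lists files that are not owned by the expected user or are group/world-writable. It assumes GNU coreutils and findutils (sha256sum, find -perm /022); the directory names are placeholders you would replace with /bin, /sbin, /usr/bin, /etc and so on.

```shell
#!/bin/sh
# Added example (not from the thread): baseline-and-compare for a set of
# directories, plus a permission audit. Assumes GNU sha256sum and GNU find.

# Record "hash  path" for every regular file under the given directories.
# usage: take_baseline <baseline-file> <dir>...
take_baseline() {
    out="$1"; shift
    find "$@" -type f -exec sha256sum {} + | sort -k2 > "$out"
}

# Re-hash the same directories and diff against the baseline.
# Prints one line per difference (ADDED / CHANGED / REMOVED <path>).
# Returns 0 if nothing differs, 1 otherwise.
# usage: compare_baseline <baseline-file> <dir>...
compare_baseline() {
    baseline="$1"; shift
    current=$(mktemp)
    find "$@" -type f -exec sha256sum {} + | sort -k2 > "$current"
    awk '
        # sha256sum output is 64 hex chars, two spaces, then the path,
        # so the path starts at column 67 (this survives spaces in paths).
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67)
            if (!(p in base))       { print "ADDED   " p; changed = 1 }
            else if (base[p] != $1) { print "CHANGED " p; changed = 1 }
            seen[p] = 1
        }
        END {
            for (p in base) if (!(p in seen)) { print "REMOVED " p; changed = 1 }
            exit (changed ? 1 : 0)
        }' "$baseline" "$current"
    status=$?
    rm -f "$current"
    return "$status"
}

# List everything under the given directories that is not owned by the
# expected owner (root on a real system) or is writable by group or others.
# -perm /022 is GNU find syntax: "any of these mode bits set".
# usage: audit_perms <expected-owner> <dir>...
audit_perms() {
    owner="$1"; shift
    find "$@" \( ! -user "$owner" -o -perm /022 \) -print
}

# Typical use on a real box (paths are placeholders):
#   take_baseline /media/usb/baseline.txt /bin /sbin /usr/bin /usr/sbin /etc
#   ... professor runs his scripts ...
#   compare_baseline /media/usb/baseline.txt /bin /sbin /usr/bin /usr/sbin /etc
#   audit_perms root /bin /sbin /usr/bin /usr/sbin /etc
```

Two caveats a practitioner would add. First, the baseline has to live somewhere the attacker cannot reach (a USB stick, another machine), or it can be regenerated to match the trojaned files. Second, since the poster says the professor was given the root password, root ownership does not protect anything: someone with root can replace find, sha256sum and awk just as easily as ls and ps, so run the comparison from trusted media (boot a live CD and mount the disk read-only) rather than from the compromised system. Where the distribution keeps its own hashes, rpm -Va or debsums give an independent second opinion on the package-managed files.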
Well, I'm not really allowed to harden my server before he hacks it. I can do whatever I want afterward though! :'(
Oh, ok, well then good luck with that!
Good luck. If you don't know what I said, use the google. (This is homework..)