LinuxQuestions.org
Debian This forum is for the discussion of Debian Linux.

#1 - 11-17-2008, 02:19 PM - dave247 (Member; Registered: May 2004; Posts: 206; Rep: 30)
What security applications should I run after getting hacked?


Hey guys. As one of our last labs, our professor is going to run some evil scripts on our servers and we are supposed to find out what he did, as much as we can.

I will be running chkrootkit, but I wanted some suggestions for other applications to run and what else to check for.

If you can give me some suggestions, it will help.

Thanks!

Last edited by dave247; 11-17-2008 at 02:23 PM.

#2 - 11-17-2008, 03:04 PM - irishbitte (Senior Member; Registered: Oct 2007; Location: Brighton, UK; Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server; Posts: 1,213; Blog Entries: 1; Rep: 88)
Well, at a minimum, I would be checking the permissions on all the system folders, to ensure that they are owned by root where required, and inaccessible to anyone else! That way, unless he cracks your root password, which you should make sure is REALLY strong, he is effectively sandboxed in userland. Other than that, you should turn up your log levels, and monitor them closely for unusual activity.

#3 - 11-17-2008, 03:38 PM - dave247 (Original Poster; Member; Registered: May 2004; Posts: 206; Rep: 30)
Thanks irish, that's kinda what I was thinking about the logs.

He probably won't crack my root password, and he knows it -- he gave it, but he will probably replace or remove it and I will have to figure out how to fix it. Single user mode, I know...

Ummm, other than that... I was thinking he might be changing some of the commands so they lie to me, such as the ls and ps commands, so I backed them up. Otherwise, is there a better way to find out and fix modified commands?

#4 - 11-17-2008, 03:52 PM - irishbitte (Senior Member; Registered: Oct 2007; Location: Brighton, UK; Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server; Posts: 1,213; Blog Entries: 1; Rep: 88)
Well, if you make them owned by root, he won't be able to change them without cracking the root password! Of course, your big challenge is hunting down his scripts, and figuring out what they do....

Take a look at some of these:
http://blogs.law.harvard.edu/zeroday...ver-hardening/

http://librenix.com/?page=Hardening%20Linux

http://www.ubuntu.com/products/whati...tures/security

http://boilinglinux.blogspot.com/200...hardening.html

#5 - 11-17-2008, 04:03 PM - dave247 (Original Poster; Member; Registered: May 2004; Posts: 206; Rep: 30)
Well, I'm not really allowed to harden my server before he hacks it. I can do whatever I want afterward though! :'(

#6 - 11-17-2008, 04:51 PM - irishbitte (Senior Member; Registered: Oct 2007; Location: Brighton, UK; Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server; Posts: 1,213; Blog Entries: 1; Rep: 88)
Oh, ok, well then good luck with that!

#7 - 11-17-2008, 04:58 PM - anomie (Senior Member; Registered: Nov 2004; Location: Texas; Distribution: RHEL, Scientific Linux, Debian, Fedora; Posts: 3,935; Blog Entries: 5; Rep: Disabled)
Quote:
Originally Posted by dave247
As one of our last labs, our professor is going to run some evil scripts on our servers and we are supposed to find out what he did, as much as we can.
You'll want to create a HIDS db of the pre-cracked system. Then you'll need a safe command environment to operate from afterwards (to check the db against the system): i.e. a live cd.

Good luck. If you don't know what I said, use teh google. (This is homework..)
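Worked example of the approach in this post and of dave247's question in #3 about trojaned ls and ps: a minimal file-integrity baseline added here as an illustration, not code from the thread or from any of the posters. It records a hash, owner and mode per file before the lab, then lets a second snapshot taken from a live CD (with the suspect disk mounted read-only under /mnt) be diffed against it; GNU find and coreutils are assumed, and the usage paths in the trailing comment are examples only.

```shell
#!/bin/sh
# Added example, not code from the thread. Records a hash, owner and mode for
# every file under chosen directories (a minimal stand-in for the HIDS database
# anomie describes), so a later snapshot taken from a live CD, with the suspect
# disk mounted read-only under /mnt, can be diffed against the baseline.
# Assumes GNU find and coreutils (sha256sum); file names must not contain tabs.

TAB=$(printf '\t')

# snapshot ROOT OUTFILE DIR...  DIRs are relative to ROOT (e.g. bin sbin usr/bin).
# Paths are stored relative to ROOT so a baseline taken with ROOT=/ on the live
# system compares cleanly against ROOT=/mnt from the rescue environment.
# Keep OUTFILE off the box (USB stick, CD): a baseline the intruder can edit
# proves nothing.
snapshot() {
  root=$1; out=$2; shift 2
  ( cd "$root" && find "$@" -xdev -type f -printf '%p\t%u:%g\t%m\n' ) 2>/dev/null |
  sort | while IFS="$TAB" read -r path own mode; do
    sum=$(sha256sum "$root/$path" | cut -d' ' -f1)
    printf '%s\t%s\t%s\t%s\n' "$path" "$sum" "$own" "$mode"
  done > "$out"
}

# compare BASELINE CURRENT  Prints "added", "changed" or "removed" plus the path
# for every difference; returns 1 if anything differs, 0 if the snapshots match.
# A replaced ls or ps shows up as "changed" even when the running system's own
# ls and ps have been taught to lie, because the hashes come from the files and
# the second snapshot is taken from the live CD, not from the suspect kernel.
compare() {
  awk -F'\t' '
    NR == FNR { base[$1] = $2 FS $3 FS $4; next }
    {
      seen[$1] = 1
      if (!($1 in base))                   { print "added\t" $1;   n++ }
      else if (base[$1] != $2 FS $3 FS $4) { print "changed\t" $1; n++ }
    }
    END {
      for (p in base) if (!(p in seen))    { print "removed\t" p;  n++ }
      exit n ? 1 : 0
    }' "$1" "$2"
}

# Example use (paths are placeholders). Before the lab, on the running system:
#   snapshot / /media/usb/base.db bin sbin usr/bin usr/sbin lib etc
# Afterwards, booted from the live CD with the disk mounted on /mnt:
#   snapshot /mnt /media/usb/after.db bin sbin usr/bin usr/sbin lib etc
#   compare  /media/usb/base.db /media/usb/after.db
```

Owner and mode are recorded alongside the hash so the permission changes irishbitte mentions in #2 are caught by the same comparison.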