  1. #11
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626

    Also look into adding Tripwire and Bastille to your repertoire if you really want to be prepared:

    BASTILLE-LINUX
    Open Source Tripwire® | Get Open Source Tripwire® at SourceForge.net
    linux user # 503963

  2. #12
    Just Joined! DT0X's Avatar
    Join Date
    Nov 2008
    Location
    Southwest UK
    Posts
    31
    Did you allow anonymous access to your FTP server? Or any weak-passworded accounts on FTP / SSH?

    Have you run a full nmap on yourself to make sure that no other ports have been opened?

    Have you examined the output of netstat -a or tcpdump to make sure there's nothing illegitimate attempting to connect out?

    Running the following command (or Debian equiv with sudo) will highlight any files with SUID or SGID of root which can be potential backdoors:

    find / -type f \( \( -perm /4000 -a -user root \) -o \( -perm /2000 -a -group root \) \) -ls

    Maybe also have a look at chkrootkit.


    As for finding the original attack vector - if you really want to get into it I'd take a full image of the disk for forensic examination that we can really go into and then re-build the live system.
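
The SUID/SGID check from post #12, turned into a baseline-and-compare script. This is an added example, not code posted in the thread; the function names, arguments and baseline path are illustrative, and it assumes `sha256sum` is installed.

```shell
#!/bin/sh
# Added example: baseline and re-check set-ID files instead of eyeballing
# one-off `find` output. Function names and arguments are illustrative.

# list_setid DIR [USER] [GROUP]
# Print "sha256  path" for every regular file under DIR that is SUID and owned
# by USER or SGID with group GROUP (both default to root), sorted for comm(1).
# -xdev keeps find on DIR's filesystem (skips /proc, NFS, ...); run it once
# per mounted filesystem you care about.
list_setid() {
    dir=$1
    user=${2:-root}
    group=${3:-root}
    find "$dir" -xdev -type f \
        \( \( -perm -4000 -user "$user" \) -o \( -perm -2000 -group "$group" \) \) \
        -exec sha256sum {} + 2>/dev/null | LC_ALL=C sort
}

# new_setid BASELINE DIR [USER] [GROUP]
# Print paths of set-ID files that are new, or whose contents changed, since
# BASELINE was written by list_setid. No output means nothing changed.
new_setid() {
    baseline=$1
    shift
    current=$(mktemp) || return 2
    list_setid "$@" > "$current"
    # comm -13 keeps lines that appear only in the current listing.
    LC_ALL=C comm -13 "$baseline" "$current" | sed 's/^[0-9a-f]* [ *]//'
    rm -f "$current"
}

# Typical use, as root, on a system you trust:
#   list_setid / > /root/setid.baseline      # path is a placeholder
# Later, or after a suspected compromise:
#   new_setid /root/setid.baseline /
```

Keep the baseline on storage the host cannot write to; a baseline taken after a compromise only records whatever set-ID files are already there.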

  3. #13
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    I believe the system has been tampered with too much to make a forensic image that would be worthwhile. In the future, you shouldn't move files, etc. as this can cause you to lose evidence.
    linux user # 503963
