Re: Hacked or not appendice

Board: FB_security, Time: 21 years ago (2004/06/13 06:33)
On Saturday, 2004-06-12 at 13:44:45 +0200, Peter Rosa wrote:

> I must add, there are no log entries after June 9, 2004. "LKM" message first
> appeared June 8, 2004, after this day, there is nothing in /var/messages,
> /var/security .....

Check if your syslog daemon is running. Also try to log something from
the command line with logger.

> How could I look for suspicious LKM module ? How could I find it, if the
> machine is hacked and I can not believe "ls", "find" etc. commands ?

Dunno. I've turned off modules on all my FreeBSD machines. IIRC, the way
to check binaries is to "make buildworld", install somewhere else and
compare. Of course, you should not build on a suspect machine.

Have you turned on securelevel?

HTH,
Lupe Christoph
-- 
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #10ouJ100 (FB_security)
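The "install somewhere else and compare" step from the reply above, sketched as an added example that is not part of the original post or the FreeBSD tools. It assumes the script runs from a trusted system (clean boot media or another host) with the suspect disk mounted read-only and a reference world installed into its own directory; the function name and both paths are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed layout (hypothetical paths):
#   /usr/ref      reference world built and installed on a clean machine
#   /mnt/suspect  suspect root filesystem, mounted read-only
# Only tools from the trusted system are used, so a trojaned "ls" or
# "find" on the suspect disk is never executed.

# compare_trees REF SUSPECT
# For every regular file under REF, check the file at the same relative
# path under SUSPECT. Prints one line per finding:
#   MISSING <path>  file is absent (or not a regular file) in SUSPECT
#   SYMLINK <path>  a regular file was replaced by a symlink in SUSPECT
#   DIFFERS <path>  contents are not byte-identical
# Returns 0 if nothing was reported, 1 if there were findings, 2 on error.
# File names containing newlines are not handled.
compare_trees() {
    _ref=$1
    _sus=$2
    _found=0
    _list=$(mktemp "${TMPDIR:-/tmp}/cmptree.XXXXXX") || return 2

    # Relative paths of all regular files in the reference tree, in a
    # stable order so two runs can be diffed against each other.
    (cd "$_ref" && find . -type f -print) | LC_ALL=C sort > "$_list"

    while IFS= read -r _rel; do
        _rel=${_rel#./}
        if [ -L "$_sus/$_rel" ]; then
            echo "SYMLINK $_rel"; _found=1
        elif [ ! -f "$_sus/$_rel" ]; then
            echo "MISSING $_rel"; _found=1
        elif ! cmp -s "$_ref/$_rel" "$_sus/$_rel"; then
            echo "DIFFERS $_rel"; _found=1
        fi
    done < "$_list"

    rm -f "$_list"
    return "$_found"
}

# Stand-alone use: sh compare.sh /usr/ref /mnt/suspect
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```

A DIFFERS line is a lead to investigate, not proof of tampering: the reference has to be built from the same source revision and options as the installed system for the comparison to be meaningful.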