Security Basics mailing list archives
Re: redhat audit
From: "Andrew Pretzl" <arp () norlight com>
Date: Tue, 17 Jun 2003 14:31:37 -0500
I would strongly suggest checking the system for a rootkit. Try the chkrootkit tool at www.chkrootkit.org that finds a number of different rookits which may be installed on the system. Your best bet in the long run would be to reload the system from scratch and harden it before putting it back into production. Check www.bastille-linux.org for an excellent set of perl scripts which will walk you through hardening a Linux system. Good luck! AP ============================= Andrew Pretzl - CISSP Network Engineer Norlight Telecommunications http://www.norlight.com ============================= "The opinions expressed here are my own and do not necessarily represent those of Norlight Telecommunications". Matthew Sallee <iammatt () holly col To: security-basics <security-basics () securityfocus com> ostate.edu> cc: (bcc: Andrew Pretzl/Norlight) Fax to: 06/16/2003 04:01 Subject: redhat audit PM recently my redhat box was compromised and i'm auditing changes that were made (i didn't notice for several days). i've been trying to create a command that will allow me view all the files modified in the last x number of days. i've tried piping ls to grep with minimal success. any help is greatly appreciated... matt --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Re: redhat audit, (continued)
- Re: redhat audit Douglas K. Fischer (Jun 17)
- Re: redhat audit Ulrich Keil (Jun 17)
- Re: redhat audit Luigi R. F. McMinn (Jun 17)
- Re: redhat audit Jan De Luyck (Jun 17)
- Re: redhat audit Pierre BETOUIN (Jun 17)
- Re: redhat audit Mark Ng (Jun 17)
- Re: redhat audit Volker Kindermann (Jun 17)
- RE: redhat audit Duane Beck (Jun 17)
- Re: redhat audit Tace (Jun 17)
- RE: redhat audit Klotz, Brian (Jun 17)
- Re: redhat audit Andrew Pretzl (Jun 17)
- RE: redhat audit Trevor Cushen (Jun 19)