From owner-freebsd-questions Sun May 19 11:34:39 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from kanga.honeypot.net (kanga.honeypot.net [208.162.254.122])
    by hub.freebsd.org (Postfix) with ESMTP id BBC5637B410
    for ; Sun, 19 May 2002 11:34:33 -0700 (PDT)
Received: from pooh (mail@pooh.int [10.0.1.2])
    by kanga.honeypot.net (8.12.3/8.12.3) with ESMTP id g4JIYQYv003719
    for ; Sun, 19 May 2002 13:34:27 -0500 (CDT)
    (envelope-from kirk@strauser.com)
Received: from kirk by pooh with local (Exim 3.35 #1 (Debian))
    id 179VVi-0002dg-00
    for ; Sun, 19 May 2002 13:34:26 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Step by step hacking recovery guide?
References:
From: Kirk Strauser
Date: 19 May 2002 13:34:26 -0500
In-Reply-To:
Message-ID: <87wuu03s25.fsf@strauser.com>
Lines: 21
X-Mailer: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

At 2002-05-19T17:34:17Z, Brendan McAlpine writes:

> A couple of my BSD boxes have been hacked into recently and I was
> wondering if there was a guide out there that listed the things to look
> for when you've been hacked and how to completely lock down the box.

There are two detailed manuals on the FreeBSD website:

    http://www.freebsd.org/handbook/install.html
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

The first is the only *certain* way to secure your server. The second will
*probably* repair any damage, but it's certainly possible that a
well-entrenched cracker could subvert some of those systems.

Other than that, you have my sympathies. There's really not much you can
do. Given that you only know of recent intrusions, I wouldn't trust an older
backup tape either.
-- 
Kirk Strauser

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message