Date:      Sun, 13 Jun 2004 19:41:59 +0300
From:      Alexander Yeremenko <ay@wnet.ua>
To:        Ondra Holecek <bln@bln.no-ip.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Hacked or not ?
Message-ID:  <20040613164159.GA24448@lakshmi.kiev.ua>
In-Reply-To: <200406131819.43297.>
References:  <016301c4506e$947644e0$3501a8c0@pro.sk> <20040612175035.739bbfa4@tarkhil.over.ru> <20040613161714.GA24325@lakshmi.kiev.ua> <200406131819.43297.>

On Sun, Jun 13, 2004 at 06:20:11PM +0000, Ondra Holecek wrote:
> On Sunday 13 June 2004 16:17, Alexander Yeremenko wrote:
> > On Sat, Jun 12, 2004 at 05:50:35PM +0400, Alex Povolotsky wrote:
> > > On Sat, 12 Jun 2004 14:39:21 +0200
> > > "Peter Rosa" <prosa@pro.sk> wrote:
> > >
> > > PR> But what about the /var/log/messages logs absence ?
> > > PR> And, how to test the machine, if it is healthy ?
> > >
> > > Boot from CD and compare md5 checksums on system files. That's the first
> > > step.
> >
> > 	I'm running a frequent script, evaluating md5 for binaries, libs
> > etc., and it reports whether something has changed
> 
> But what if a hacker modifies this script to not report changes, or changes the
> original MD5 checksum?
	This smart hacker must know about this script :)
-- 
AY7-UANIC  ||  AY15-RIPE
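
The concern raised in this thread (a checksum baseline that lives on the same host as the files it covers) can be addressed by authenticating the baseline itself. The following is an added example, not code from any poster in the thread: it swaps in SHA-256 and an HMAC tag in place of bare md5, and assumes the key and tag are kept off the monitored host and that the checker is run from trusted media such as the boot CD mentioned above. All names, the key and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_manifest(paths, key):
    """Return (manifest_bytes, tag); the key and tag belong off the monitored host."""
    entries = {str(p): file_digest(p) for p in sorted(paths)}
    blob = json.dumps(entries, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(blob, tag, key):
    """Authenticate the baseline first, then compare every file against it."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return ["MANIFEST TAMPERED"]
    findings = []
    for path, digest in json.loads(blob).items():
        if not Path(path).exists():
            findings.append(f"MISSING {path}")
        elif file_digest(path) != digest:
            findings.append(f"CHANGED {path}")
    return findings


def demo():
    """Constructed scenario: clean check, modified file, rewritten baseline."""
    key = b"constructed-demo-key"  # assumption: stored on read-only or remote media
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "ls"  # constructed stand-in for a system binary
        target.write_bytes(b"original contents")
        blob, tag = build_manifest([target], key)
        clean = verify(blob, tag, key)
        target.write_bytes(b"modified contents")
        changed = verify(blob, tag, key)
        # Baseline rewritten on the host to match the modified file, without the key.
        forged = json.dumps({str(target): file_digest(target)}, sort_keys=True).encode()
        rewritten = verify(forged, tag, key)
    return clean, changed, rewritten
```

The tag only helps if the verifying code and key are themselves out of reach of whoever can write to the monitored filesystem; a checker stored next to the files it checks inherits the same weakness as the baseline.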