[Gllug] Ways to check for a crack?
Paul Nasrat
pauln at truemesh.com
Tue Nov 19 11:19:04 UTC 2002
On Tue, Nov 19, 2002 at 10:25:28AM +0100, Neil Fryer wrote:
> Hi All
>
> I need some help on this one please, what are the ways that you would check
> to see if a system has been cracked?
If you think it is unplug and isolate the system.
The coroner's toolkit is a very good forensic tool, and also there is
some advise about what to do when rooted.
http://www.fish.com/tct/help-when-broken-into
http://www.porcupine.org/forensics/tct.html
Some goodies from cert
http://www.cert.org/security-improvement/modules/m06.html
http://www.cert.org/security-improvement/modules/m09.html
http://www.cert.org/tech_tips/root_compromise.html
Paul
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list