[SWLUG] Have I been hacked?

Gerald Davies gerald.davies at gmail.com
Tue Jun 29 13:36:23 UTC 2010


On Tue, Jun 29, 2010 at 12:40, Toby Maxwell-Lyte
<toby.maxwelllyte at gmail.com> wrote:
> Try running something like http://www.chkrootkit.org/
>

yeah, agree, i...

- make sure my f/w rules are tight for ipv4 and 6 is blocked for now.
- run fail2ban
- run logcheck & autolog which email me.
- run chkrootkit and rkhunter nightly which, again, email me.
- try not to run any insecure code/scripts
- cron-apt to email me of updated packages.

probably add to that things like tripwire, etc. bit late now - i'd
probably hose the box if i thought it had been rooted in case someone
had messed with the binaries/logs.
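
The tripwire-style check mentioned in the post, as an added example that is not part of the original message: a minimal SHA-256 baseline and verify in POSIX shell. The function names and the CHANGED/MISSING/ADDED report format are made up for illustration, and it assumes GNU coreutils `sha256sum` and file names without newlines or backslashes.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline (illustrative, not tripwire itself).
# The baseline is only trustworthy if it was taken BEFORE any suspected
# compromise and is kept off the box or on read-only media. On a host that
# may already be rooted, sha256sum and find themselves cannot be trusted.

# make_baseline DIR OUTFILE: record the SHA-256 of every regular file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# verify_baseline DIR BASELINE: print one line per difference.
# Returns 0 if nothing changed, 1 if there are differences, 2 on error.
verify_baseline() {
    v_cur=$(mktemp) || return 2
    make_baseline "$1" "$v_cur"
    # sha256sum lines are "<64 hex chars><2 chars><path>", so the path
    # starts at column 67; slicing by column keeps paths with spaces intact.
    v_report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); h = substr($0, 1, 64)
            if (!(p in old))      print "ADDED " p
            else if (old[p] != h) print "CHANGED " p
            delete old[p]
        }
        END { for (p in old) print "MISSING " p }
    ' "$2" "$v_cur")
    rm -f "$v_cur"
    [ -z "$v_report" ] && return 0
    printf '%s\n' "$v_report"
    return 1
}

# Command-line use (hypothetical interface):
#   integrity.sh init   /usr/bin /mnt/readonly/usr-bin.sha256
#   integrity.sh verify /usr/bin /mnt/readonly/usr-bin.sha256
case "${1:-}" in
    init)   make_baseline "$2" "$3" ;;
    verify) verify_baseline "$2" "$3" ;;
esac
```

Run from cron, any output from `verify` is what gets mailed, in the same way as the nightly chkrootkit and rkhunter jobs.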


