
SUMMARY: I need to know how to detect an intruder!!



Thanks, all.

Jim Belonis, http://www.washington.edu/People/dad/ is very good!!!

Kjell Andresen
http://www.cert.org/tech_tips/intruder_detection_checklist.html thanks!!!

Eubank, Chris, thanks for this!!
/var/adm/syslog.dated
/var/adm/messages
run "last -10" to find user
run "netstat -an |more" to see active connections on network

J Bacher, thanks for your help
This command works fine!!!
#netstat

and view the connections by port

Run:

#ps -Af

and see if there are any programs that you did not intend to run or are
running out of a different location/port/UID, etc.

Run:

#last |more

and check to see if the utmp/wtmp files are intact and may report
unexpected or unauthorized logins

Run:

#checksum

on critical programs comparing the checksum to other programs of the same
release to see if they are the same

Review:

/var/adm/syslog.dated/*

and look for unusual activity that may identify how an intruder may have
gained access to your system.

Force:

a core dump of the information in memory.




In general, thanks to all for your help!!

@lex
------------------------------------------------------------
  Lic. Alexander Ordóñez Arroyo 
  Caja Costarricense del Seguro Social                             
  Technical Support - Information Technology Division
  Telephone: 295-2004, San José, Costa Rica
  Aordonez@ccss.sa.cr

------------------------------------------------------------
UNIX is very user friendly, 
It's just very particular about who it makes friends with.


> -----Original Message-----
> From: Alexander Ordonez [SMTP:aordonez@ccss.sa.cr]
> Sent: Wednesday, July 4, 2001 03:01 PM
> To: 'tru64-unix-managers@ornl.gov'
> Subject: I need to know how to detect an intruder!!
> Importance: High
> 
> Hi gurus,
> I need urgent help.
> I have an intruder in my server, I need to know how to detect it!!!
> Which files should I check??
> 
> 
> @lex
> ------------------------------------------------------------
>   Lic. Alexander Ordóñez Arroyo 
>   Caja Costarricense del Seguro Social                             
>   Technical Support - Information Technology Division
>   Telephone: 295-2004, San José, Costa Rica
>   Aordonez@ccss.sa.cr
> 
> ------------------------------------------------------------
> UNIX is very user friendly, 
> It's just very particular about who it makes friends with.
>
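
The checksum comparison suggested in the summary above, as an added example that is not part of the original thread: it assumes the POSIX `cksum` utility and a manifest recorded on a known-good host of the same release. The function names `make_manifest`, `check_manifest` and `demo` are hypothetical, and the demo files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare critical programs against
# checksums recorded on a known-good system of the same release.

# make_manifest FILE...: print "crc size path" for each file (cksum format).
# Run this on the clean reference host and copy the output across.
make_manifest() {
    for f in "$@"; do
        cksum "$f"
    done
}

# check_manifest MANIFEST: re-checksum every listed path on this host.
# Prints "MISSING path" or "MISMATCH path" per problem; returns 1 if any.
check_manifest() {
    manifest=$1
    bad=0
    while read -r want_crc want_size path; do
        [ -n "$path" ] || continue            # skip blank lines
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        # cksum on stdin prints only "crc size", so no filename to strip
        set -- $(cksum < "$path")
        if [ "$1" != "$want_crc" ] || [ "$2" != "$want_size" ]; then
            echo "MISMATCH $path"; bad=1
        fi
    done < "$manifest"
    return $bad
}

# Demo on constructed files; the first copies stand in for the clean host.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'original login binary\n' > "$dir/login"
    printf 'original ps binary\n' > "$dir/ps"
    make_manifest "$dir/login" "$dir/ps" > "$dir/manifest"
    printf 'modified ps binary\n' > "$dir/ps"   # simulate a replaced program
    check_manifest "$dir/manifest"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo || true    # prints: MISMATCH <tmpdir>/ps
```

The `cksum` CRC is not a cryptographic hash, so a matching value does not prove a file is untouched, while a mismatch or missing file is a reliable sign of change. On a host suspected of compromise, run the checksum tool from trusted media, since the installed copy may itself have been replaced.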