SUMMARY: I need to know how to detect an intruder!!

From: Alexander Ordonez <aordonez_at_ccss.sa.cr>
Date: Thu, 05 Jul 2001 09:12:23 -0600

Thanks all.

Jim Belonis, http://www.washington.edu/People/dad/ is very good!!!

Kjell Andresen
http://www.cert.org/tech_tips/intruder_detection_checklist.html thanks!!!

Eubank, Chris, thanks for this!!
/var/adm/syslog.dated
/var/adm/messages
run "last -10" to find user
run "netstat -an |more" to see active connections on network

J Bacher, thanks for your help.
This command works fine!!!
#netstat

and view the connections by port

Run:

#ps -Af

and see if there are any programs that you did not intend to run or are
running out of a different location/port/UID, etc.

Run:

#last |more

and check to see if the utmp/wtmp files are intact and may report
unexpected or unauthorized logins

Run:

#checksum

on critical programs comparing the checksum to other programs of the same
release to see if they are the same

Review:

/var/adm/syslog.dated/*

and look for unusual activity that may identify how an intruder may have
gained access to your system.

Force:

a core dump of the information in memory.




In general, thank you all for your help!!

_at_lex
------------------------------------------------------------
  Lic. Alexander Ordóñez Arroyo
  Caja Costarricense del Seguro Social
  Technical Support - Informatics Division
  Telephone: 295-2004, San José, Costa Rica
  Aordonez_at_ccss.sa.cr

------------------------------------------------------------
UNIX is very user friendly,
It's just very particular about who it makes friends with.


> -----Original Message-----
> From: Alexander Ordonez [SMTP:aordonez_at_ccss.sa.cr]
> Sent: Wednesday, July 4, 2001 03:01 PM
> To: 'tru64-unix-managers_at_ornl.gov'
> Subject: I need to know how to detect an intruder!!
> Importance: High
>
> Hi gurus,
> I need urgent help.
> I have an intruder in my server, I need to know how to detect it!!!
> Which files should I check??
>
>
> _at_lex
> ------------------------------------------------------------
> Lic. Alexander Ordóñez Arroyo
> Caja Costarricense del Seguro Social
> Technical Support - Informatics Division
> Telephone: 295-2004, San José, Costa Rica
> Aordonez_at_ccss.sa.cr
>
> ------------------------------------------------------------
> UNIX is very user friendly,
> It's just very particular about who it makes friends with.
>
Received on Thu Jul 05 2001 - 15:18:18 NZST
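
The checksum comparison step from J Bacher's reply, as an added example that is not part of the original thread: record checksums of critical programs on a known-good host of the same release, then compare them on the suspect host. It uses the POSIX `cksum` utility rather than the `checksum` command named in the post; the function names and manifest layout are assumptions made for this sketch. `cksum` is a CRC, so it catches accidental or careless modification, and a cryptographic hash tool is the stronger choice where the system provides one.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# manifest layout are assumptions made for this sketch.
#
# Manifest format, one entry per line, exactly as `cksum FILE...` prints:
#   <crc> <size-in-bytes> <path>
# Lines starting with '#' and blank lines are ignored.

# make_baseline FILE...
# Run on a known-good host of the same release; save the output.
make_baseline() {
    cksum "$@"
}

# compare_baseline MANIFEST
# Run on the host under investigation. Prints one line per problem:
#   CHANGED <path>   checksum or size differs from the baseline
#   MISSING <path>   file listed in the baseline is not present
# Returns 0 when every file matches, 1 otherwise.
compare_baseline() {
    manifest=$1
    status=0
    while read -r want_crc want_size path; do
        case $want_crc in ''|'#'*) continue ;; esac
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            status=1
            continue
        fi
        # With input on stdin, cksum prints only "<crc> <size>".
        got=$(cksum < "$path")
        if [ "$got" != "$want_crc $want_size" ]; then
            echo "CHANGED $path"
            status=1
        fi
    done < "$manifest"
    return $status
}

# Typical use:
#   known-good host:  make_baseline /usr/bin/ps /usr/bin/login > baseline.txt
#   suspect host:     compare_baseline baseline.txt
```

Keep the manifest on media the suspect host cannot write to, and run the comparison with a copy of `cksum` taken from trusted media if the host's own binaries are in doubt.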
