From owner-freebsd-security Mon Aug 11 20:24:46 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id UAA22820 for security-outgoing; Mon, 11 Aug 1997 20:24:46 -0700 (PDT) Received: from eagle.aitken.com (jaitken@eagle.aitken.com [209.12.7.49]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA22780 for ; Mon, 11 Aug 1997 20:24:37 -0700 (PDT) Received: (from jaitken@localhost) by eagle.aitken.com (8.8.5/8.8.5) id XAA27102 for freebsd-security@freebsd.org; Mon, 11 Aug 1997 23:24:35 -0400 From: Jeff Aitken Message-Id: <199708120324.XAA27102@eagle.aitken.com> Subject: post-break-in checklist? To: freebsd-security@freebsd.org Date: Mon, 11 Aug 1997 23:24:34 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL26 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk As I recall, someone posted a post-breakin-checklist awhile back (I seem to think it was Karl Denninger, but I'm not sure). Anyway, I neglected to save a copy of it, and was wondering if anyone had such a beast handy. As far as FreeBSD goes, I've got the CDs and know about mtree, but I'm looking for a more generic "these are the sorts of things to look for if you suspect a security violation" just to be sure I'm not overlooking anything. (FWIW, the machine(s) which were compromised have been reinstalled from scratch anyway). Additionally, where might I find a list of all "security" issuse since 2.2.2-R was released? I looked in ftp://freebsd.org/pub/CERT/advisories but only turned up 4 advisories from 1997, all of which were patched prior to the release of 2.2.2. -- Jeff Aitken jaitken@aitken.com