Date: Wed, 13 Aug 1997 20:24:02 -0400 (EDT)
From: "Bradley E. Reynolds" <breynolds@harborcom.net>
To: Jeff Aitken <jaitken@aitken.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: post-break-in checklist?
Message-ID: <Pine.BSF.3.96.970813202212.14253A-100000@ns2.harborcom.net>
In-Reply-To: <199708120324.XAA27102@eagle.aitken.com>
> As far as FreeBSD goes, I've got the CDs and know about mtree, but
> I'm looking for a more generic "these are the sorts of things to
> look for if you suspect a security violation" just to be sure I'm
> not overlooking anything. (FWIW, the machine(s) which were
> compromised have been reinstalled from scratch anyway).
>
> Additionally, where might I find a list of all "security" issues
> since 2.2.2-R was released? I looked in
>
> ftp://freebsd.org/pub/CERT/advisories
>
> but only turned up 4 advisories from 1997, all of which were patched
> prior to the release of 2.2.2.
>

Well, try looking up the BUGTRAQ archives and be sure to look for
things like BSD 4.4 also (you may have been looking for 2.2.2 or
something like that).

As for finding an intruder, look for setuid root shells and the like.

Bradley Reynolds
breynolds@harborcom.net
ber@cwru.edu
PGP Fingerprint: 73 17 77 08 8A 72 DB 45 76 28 C5 5A 97 52 26
PGP Public Key: http://www.harborcom.net/~breynolds/pgp.html
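The reply's advice to look for setuid root shells, as an added example that is not part of the original message: a POSIX sh function that lists setuid files owned by root under a directory and marks any that are byte-identical to a shell listed in /etc/shells. The function name `setuid_audit`, its arguments and the `SETUID` / `SHELL-COPY` output tags are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original e-mail).
# Usage: setuid_audit DIR [OWNER] [SHELLS_FILE]
#   DIR          directory tree to scan
#   OWNER        file owner to match, name or numeric uid (default: root)
#   SHELLS_FILE  list of shell paths, one per line (default: /etc/shells)
# Prints one line per setuid file: TAG<TAB>PATH
#   SETUID      setuid file owned by OWNER (compare against a known-good list)
#   SHELL-COPY  setuid file whose bytes match a listed shell
# Paths containing newlines are not handled.
setuid_audit() {
    dir=$1
    owner=${2:-root}
    shells=${3:-/etc/shells}

    # -xdev keeps the scan on one filesystem; -perm -4000 matches the setuid bit.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        tag=SETUID
        # Compare the candidate with every shell in the list, skipping
        # blank lines and comments.
        while IFS= read -r sh; do
            case $sh in ''|\#*) continue ;; esac
            if [ -f "$sh" ] && cmp -s "$f" "$sh"; then
                tag=SHELL-COPY
                break
            fi
        done < "$shells"
        printf '%s\t%s\n' "$tag" "$f"
    done
}

# Run directly with arguments, e.g.:  sh setuid_audit.sh / root
if [ "$#" -gt 0 ]; then
    setuid_audit "$@"
fi
```

Lines tagged `SETUID` still need checking against a known-good list for the release, such as the mtree data mentioned in the quoted question; a renamed shell only matches byte-for-byte if it was copied from a shell present on the scanning system.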