Date: Sun, 13 Jun 2004 19:17:14 +0300 From: Alexander Yeremenko <ay@wnet.ua> To: Alex Povolotsky <tarkhil@webmail.sub.ru> Cc: freebsd-security@freebsd.org Subject: Re: Hacked or not ? Message-ID: <20040613161714.GA24325@lakshmi.kiev.ua> In-Reply-To: <20040612175035.739bbfa4@tarkhil.over.ru> References: <016301c4506e$947644e0$3501a8c0@pro.sk> <20040612114700.GA1082@lupe-christoph.de> <01b701c4507a$49399840$3501a8c0@pro.sk> <20040612175035.739bbfa4@tarkhil.over.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 12, 2004 at 05:50:35PM +0400, Alex Povolotsky wrote: > On Sat, 12 Jun 2004 14:39:21 +0200 > "Peter Rosa" <prosa@pro.sk> wrote: > > PR> But what about the /var/log/messages logs absence ? > PR> And, how to test the machine, if it is healthy ? > > Boot from CD and compare md5 checksums on system files. That's the first step. I'm running a frequent script, evaluating md5 for binaries, libs etc, and reports isn't something changed -- AY7-UANIC || AY15-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040613161714.GA24325>