Date:      Sat, 12 Jun 2004 17:50:35 +0400
From:      Alex Povolotsky <tarkhil@webmail.sub.ru>
To:        freebsd-security@freebsd.org
Subject:   Re: Hacked or not ?
Message-ID:  <20040612175035.739bbfa4@tarkhil.over.ru>
In-Reply-To: <01b701c4507a$49399840$3501a8c0@pro.sk>
References:  <016301c4506e$947644e0$3501a8c0@pro.sk> <20040612114700.GA1082@lupe-christoph.de> <01b701c4507a$49399840$3501a8c0@pro.sk>

On Sat, 12 Jun 2004 14:39:21 +0200
"Peter Rosa" <prosa@pro.sk> wrote:

PR> But what about the /var/log/messages logs absence?
PR> And, how to test the machine, if it is healthy?

Boot from CD and compare md5 checksums on system files. That's the first step.

Compare your kernel sources with clean ones, rebuild the kernel and compare it with the running one. If you're running GENERIC, compare it with the distributed one.

Compare the /modules directory with the distribution one.

Check your (and system) .profile or .login etc.

After this step, you should have a reasonably clean system.

-- 
Alex.
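
The checksum and /modules comparisons described in this message, as an added example that is not part of the original e-mail. It assumes the script and the hashing tools run from the boot CD, with a clean reference tree and the suspect filesystem both mounted; the function names and the demo trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a suspect tree against a known-clean reference tree.
# Run it from trusted media so the tools doing the hashing are clean too.

# Print the MD5 of one file, using GNU md5sum(1) or FreeBSD md5(1).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        md5 -q < "$1"
    fi
}

# Report files that are missing, modified, or extra relative to the reference.
compare_trees() {
    ref=$1; sus=$2
    # Every file in the reference must exist in the suspect tree, unchanged.
    (cd "$ref" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$sus/$f" ]; then
            echo "MISSING  $f"
        elif [ "$(file_md5 "$ref/$f")" != "$(file_md5 "$sus/$f")" ]; then
            echo "MODIFIED $f"
        fi
    done
    # Files only on the suspect side (e.g. an unexpected kernel module).
    (cd "$sus" && find . -type f | sort) | while IFS= read -r f; do
        [ -e "$ref/$f" ] || echo "EXTRA    $f"
    done
}

# Constructed demo: a tiny "clean" tree and an altered copy of it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/clean/bin" "$d/clean/modules" "$d/sus/bin" "$d/sus/modules"
    echo 'ls v1' > "$d/clean/bin/ls";  echo 'ls v1'      > "$d/sus/bin/ls"
    echo 'ps v1' > "$d/clean/bin/ps";  echo 'ps altered' > "$d/sus/bin/ps"
    echo 'if_xl' > "$d/clean/modules/if_xl.ko"
    echo 'other' > "$d/sus/modules/extra.ko"
    compare_trees "$d/clean" "$d/sus"
    rm -rf "$d"
}

# Usage: script REFERENCE_DIR SUSPECT_DIR   (no arguments runs the demo)
if [ $# -eq 2 ]; then compare_trees "$1" "$2"; else demo; fi
```

EXTRA lines matter as much as MODIFIED ones: a file that exists only on the suspect side has no reference checksum to fail against.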


