Results 1 to 3 of 3
  1. #1

    Intruder Detection Checklist

    Intruder Detection Checklist


    Look for Signs That Your System May Have Been Compromised

    Examine log files
    Look for setuid and setgid Files
    Check system binaries
    Check for packet sniffers
    Examine files run by 'cron' and 'at'.
    Check for unauthorized services
    Examine /etc/passwd file
    Check system and network configuration
    Look everywhere for unusual or hidden files
    Examine all machines on the local network

    Review Other CERT Documents

    CERT Summaries
    ``Steps for Recovering from a UNIX Root Compromise''
    Contacting CERT/CC

  2. #2

    Intruder Detection Checklist

  3. #3

    Intruder Detection Checklist

    Revision History

    This document outlines suggested steps for determining if your system has been compromised. System administrators can use this information to look for several types of break-ins. We encourage you to review all sections of this document and modify your systems to close potential weaknesses.

    In addition to the information in this document, we provide three companion documents that may help you:
    contains suggestions for avoiding common UNIX system configuration problems that have been exploited
    contains suggested steps for recovering from a root compromise on a

    UNIX system
    contains descriptions of tools that can be used to help secure a system and deter break-ins

    We also encourage you to check with your vendor(s) regularly for any updates or new patches that relate to your systems.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts