Hacked or not ?

Alex Povolotsky tarkhil at webmail.sub.ru
Sat Jun 12 13:52:14 GMT 2004


On Sat, 12 Jun 2004 14:39:21 +0200
"Peter Rosa" <prosa at pro.sk> wrote:

PR> But what about the /var/log/messages logs absence ?
PR> And, how to test the machine, if it is healthy ?

Boot from CD and compare md5 checksums on system files. That's the first step.

Compare your kernel sources with clean ones, rebuild kernel and compare it with the running one. If you're running GENERIC, compare it with the distributed one.

Compare the /modules directory with the distribution one.

Check your (and system) .profile or .login etc.

After this step, you should have a reasonably clean system.

-- 
Alex.
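
The checksum comparison described in the reply above, as an added example that is not part of the original post: it hashes a reference copy of the system files and the suspect tree, then reports what was modified, removed or added. The function names and the sample trees are constructed for illustration; MD5 is the default only because the post names it, and any `hashlib` algorithm name can be passed instead.

```python
import hashlib
import os
import tempfile

def manifest(root, algo="md5"):
    """Map each relative path under root to a digest; symlinks are recorded, not followed."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                out[rel] = "link:" + os.readlink(full)
            elif os.path.isfile(full):
                digest = hashlib.new(algo)
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                out[rel] = digest.hexdigest()
    return out

def compare(reference, suspect):
    """List paths that changed, vanished, or appeared relative to the reference."""
    return {
        "modified": sorted(p for p in reference if p in suspect and reference[p] != suspect[p]),
        "missing": sorted(p for p in reference if p not in suspect),
        "added": sorted(p for p in suspect if p not in reference),
    }

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees: a reference copy and a suspect copy altered in three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sus = os.path.join(tmp, "ref"), os.path.join(tmp, "suspect")
        for root in (ref, sus):
            write(root, "bin/ls", b"ls-v1")
            write(root, "bin/ps", b"ps-v1")
            write(root, "modules/if_x.ko", b"module-v1")
        write(sus, "bin/ps", b"ps-altered")              # replaced binary
        os.remove(os.path.join(sus, "modules/if_x.ko"))  # file gone
        write(sus, "modules/extra.ko", b"unknown")       # file not in the distribution
        return compare(manifest(ref), manifest(sus))

if __name__ == "__main__":
    print(demo())
```

Run it from the CD-booted environment against the mounted disk, so that neither the interpreter nor the kernel doing the reads comes from the system under suspicion.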

