Hacked or not ?
Alexander Yeremenko
ay at wnet.ua
Sun Jun 13 16:42:24 GMT 2004
On Sun, Jun 13, 2004 at 06:20:11PM +0000, Ondra Holecek wrote:
> On Sunday 13 June 2004 16:17, Alexander Yeremenko wrote:
> > On Sat, Jun 12, 2004 at 05:50:35PM +0400, Alex Povolotsky wrote:
> > > On Sat, 12 Jun 2004 14:39:21 +0200
> > > "Peter Rosa" <prosa at pro.sk> wrote:
> > >
> > > PR> But what about the /var/log/messages logs absence ?
> > > PR> And, how to test the machine, if it is healthy ?
> > >
> > > Boot from CD and compare md5 checksums on system files. That's the first
> > > step.
> >
> > I'm running a frequent script, evaluating md5 for binaries, libs
> > etc, and reports isn't something changed
>
> But, what if hacker modifies this script to not report changes, or change the
> original MD5 checksum
This smart hacker must know about this script :)
--
AY7-UANIC || AY15-RIPE
More information about the freebsd-security
mailing list