boot -s - can i detect intruder

Eric Anderson anderson at centtech.com
Tue Sep 16 05:40:17 PDT 2003


Nikolay Kanchev wrote:

>Thanks all
>
>I know that if someone has physical access to my servers they can penetrate
>them. And this is a reason to test these guys with this fake server. Some of
>them think that they are "hackers" and try to crack passwords, install
>backdoors, etc. For now not very successfully ;-)
>
>I will try to mod the kernel, hardware keyloggers are expensive for me.
>
>Test complete after one week and I'm not sure that I have time to mod
>kernel, but now I find one free security camera and will install it in the
>room with box and capture guys activity, so that I will have proof :-)
>  
>
Why not start syslogd (even in single user mode) set to log to a remote 
server?  I doubt they unplug the network cable when going into single 
user mode.  You'll have to force the network interface up, and have it 
start syslogd, but that should be it.

You can also force the / partition to be mounted rw in single user mode 
(for catching someone it's probably ok, but I wouldn't leave it like that).

Eric

-- 
------------------------------------------------------------------
Eric Anderson	   Systems Administrator      Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------
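
The steps from the reply above (interface up, syslogd forwarding to a remote host, root remounted rw), as an added sketch that is not part of the original message. The interface name fxp0, the 192.0.2.x addresses and the file /etc/syslog-su.conf are assumed values, and the hook that calls the script when the single-user shell starts is not shown.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: interface fxp0, addresses
# from the 192.0.2.0/24 documentation range, config file /etc/syslog-su.conf.
IFACE="${IFACE-fxp0}"
ADDR="${ADDR-192.0.2.10}"
MASK="${MASK-255.255.255.0}"
LOGHOST="${LOGHOST-192.0.2.1}"   # assumed to be on the same subnet (no route added)
CONF="${CONF-/etc/syslog-su.conf}"
RUN="${RUN-echo}"                # dry run by default; invoke with RUN= to execute

# Accept only a dotted-quad address so logging does not depend on DNS.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# syslog.conf(5): "*.*" selects every facility and level, "@host" forwards
# to that host over UDP; selector and action are separated by a tab.
write_conf() {
    printf '*.*\t@%s\n' "$1" > "$2"
}

start_remote_logging() {
    is_ipv4 "$LOGHOST" || { echo "LOGHOST must be an IPv4 address" >&2; return 1; }
    $RUN mount -u -o rw /          # the rw root from the reply; revert afterwards
    write_conf "$LOGHOST" "$CONF" || return 1   # written even in a dry run
    $RUN ifconfig "$IFACE" inet "$ADDR" netmask "$MASK" up
    # -s: do not accept remote messages; sending to $LOGHOST still works
    # (a second -s would disable forwarding too).
    $RUN syslogd -s -f "$CONF"
    $RUN logger -p auth.alert "single-user shell started"
}

if [ "${1-}" = start ]; then start_remote_logging; fi
```

Run it with the argument start to see the commands it would issue, and with RUN= set to empty to actually execute them.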



