[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?

Jeff Dike jdike at karaya.com
Wed Nov 21 00:16:31 EST 2001


jen at dangerousideas.com said:
> Both are owned by root and set to read only. I assume this means they
> got root access?

Yup.  You should assume this anyway after you've been broken into, even if
you have no evidence that they got root.

> Can people suggest tools I can use to probe vulnerabilities of my
> system? 

Bastille Linux, if you're running a distro that it supports.

If you're the Debian type, I think a daily 'apt-get dist-upgrade' in cron
will keep you a step ahead of the bad guys.

And the tool you need right now is your distro's installation procedure,
because you need to wipe the machine's disks and completely reinstall it.

				Jeff




