[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] pkg.nl.cobalt - Open SSH

Subject: RE: [cobalt-users] pkg.nl.cobalt - Open SSH
From: SM <nntp@xxxxxxxxx>
Date: Fri Jan 4 19:07:01 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi,
At 15:56 04-01-2002 -0000, Liam Delahunty wrote:
>Please forgive the newbie question, but just out of interest, (as I do patch
>pretty much straight away), how would one know if the system has been
>compromised?

There isn't a point and click way to find out whether a system has been
compromised.  Keep an eye on the logs, the last logins, the processes which
are running and the ports which are listening.  The person can always alter
the logs, modify ps to hide what he/she doing.  You can do a md5 checksum
on the system binaries to see whether they have been tampered with.

Regards,
-sm

Follow-Ups:
- RE: [cobalt-users] pkg.nl.cobalt - Open SSH
  - From: Chris Demain
- [cobalt-users] [raq4] php source type
  - From: Kai Deecke
- Re: [cobalt-users] pkg.nl.cobalt - Open SSH
  - From: Jeff Lasman

References:
- Re: [cobalt-users] pkg.nl.cobalt - Open SSH
  - From: Gerald Waugh
- RE: [cobalt-users] pkg.nl.cobalt - Open SSH
  - From: Liam Delahunty

Prev by Date: [cobalt-users] configure: error: cannot guess build type
Next by Date: Re: [cobalt-users] Possibly OT: Maillog entries missing
Previous by thread: RE: [cobalt-users] pkg.nl.cobalt - Open SSH
Next by thread: RE: [cobalt-users] pkg.nl.cobalt - Open SSH

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index