Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to know when you've been hacked
Special Forums Cybersecurity How to know when you've been hacked Post 29209 by LivinFree on Tuesday 1st of October 2002 07:09:10 PM
Old 10-01-2002
A lot of security-folk will tell you to clone the drive, and peek at that. For official evidence sake, let the proper authorities have the original disk that you have not tampered with.

Also, this stuf must be planned out way in advace... you shouldn't be reactive in a security policy. Everyone should be involved, as frustrating as that is bound to be: Lawyers, Managers, Technicians, Operators - everyone has something to offer.

I recommend subscribing to Bugtraq if you have the time to read it all - also, the other lists hosted by Security Focus are great. You'll get a chance to see how people are cleaning these incidents up, and see where mistakes have been made.
 

3 More Discussions You Might Find Interesting

1. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

2. Cybersecurity

Server hacked on known port

Hi, There is a recent case whereby it was reported that one of the production servers was hacked on port 1521. However, I am not sure how this was possible, as I checked that the OS firewall (iptables) is on : # /etc/init.d/iptables status Table: nat Chain PREROUTING (policy ACCEPT) num ... (7 Replies)
Discussion started by: anaigini45
7 Replies

3. Cybersecurity

Our system was hacked

Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system. Within 24 hours, the following happened. The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None... (3 Replies)
Discussion started by: jgt
3 Replies

LEARN ABOUT LINUX

deallocate

deallocate(1)                                                                                                                        deallocate(1)

NAME

       deallocate - device deallocation

SYNOPSIS

       deallocate [-s] device

       deallocate [-s] [-F] device

       deallocate [-s] -I

       The  deallocate utility deallocates a device allocated to the evoking user. device can be a device defined in  device_allocate(4) or one of
       the device special files associated with the device. It resets the ownership and the permission on all device special files associated with
       device, disabling the user's access to that device. This option can be used by an authorized user to remove access to the device by another
       user. The required authorization is solaris.device.allocate.

       When deallocation or forced deallocation is performed, the appropriate device cleaning program is  executed,  based  on  the   contents  of
       device_allocate(4).  These cleaning programs are normally stored in /etc/security/lib.

       The following options are supported:

       device          Deallocate the device associated with the device special file specified by device.

       -s              Silent. Suppresses any diagnostic output.

       -F device       Forces  deallocation of the device associated with the file specified by device. Only a user with the solaris.device.revoke
                       authorization is permitted to use this option.

       -I              Forces deallocation of all allocatable devices. Only a user with the solaris.device.revoke authorization  is  permitted  to
                       use this option. This option should only be used at system initialization.

       The following exit values are returned:

       non--zero       An error occurred.

       /etc/security/device_allocate

       /etc/security/device_maps

       /etc/security/dev/*

       /etc/security/lib/*

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

       allocate(1), list_devices(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M), mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5)

       The  functionality  described  in  this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for
       more information.

       /etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be supported in a future release of the Solaris Operating Environment.

                                                                    28 Mar 2005                                                      deallocate(1)
All times are GMT -4. The time now is 08:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy