How to know when you've been hacked
Post 29209 by LivinFree on Tuesday 1st of October 2002 07:09:10 PM
A lot of security-folk will tell you to clone the drive, and peek at that. For official evidence's sake, let the proper authorities have the original disk that you have not tampered with.

Also, this stuff must be planned out way in advance... you shouldn't be reactive in a security policy. Everyone should be involved, as frustrating as that is bound to be: Lawyers, Managers, Technicians, Operators - everyone has something to offer.

I recommend subscribing to Bugtraq if you have the time to read it all - also, the other lists hosted by Security Focus are great. You'll get a chance to see how people are cleaning these incidents up, and see where mistakes have been made.
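
The clone-and-examine workflow from the post above, as an added example that is not part of the original post: it images a source, proves the copy is bit-identical, and lets you re-check the working copy before each analysis session. It assumes GNU coreutils (`dd`, `sha256sum`); the function names `acquire_image` and `verify_image` and the `.sha256` sidecar file are names introduced here.

```shell
# Added example (not from the original post). Hypothetical usage:
#   acquire_image /dev/sdX /mnt/evidence/case.img   # paths are placeholders
# Prints the SHA-256 of the image; returns 0 only if the image matches the
# source and the source did not change while it was being read.
acquire_image() {
    src=$1
    img=$2
    log="$img.sha256"

    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 2; fi

    # Hash the source first; the source is only ever opened for reading.
    before=$(sha256sum < "$src" | cut -d' ' -f1)

    # Plain block copy. conv=sync is deliberately absent: padding a short
    # final block with NULs would make the image differ from the source.
    dd if="$src" of="$img" bs=1M 2>/dev/null || return 2

    copy=$(sha256sum < "$img" | cut -d' ' -f1)
    # Hash the source again: a different value means something wrote to it
    # during acquisition, so the image cannot be trusted as a snapshot.
    after=$(sha256sum < "$src" | cut -d' ' -f1)

    if [ "$before" != "$copy" ] || [ "$before" != "$after" ]; then
        echo "hash mismatch: image is not a faithful copy" >&2
        return 1
    fi

    # Record the hash beside the image and drop write permission so the
    # working copy is not modified by accident during analysis.
    printf '%s  %s\n' "$copy" "$(basename "$img")" > "$log"
    chmod a-w "$img" "$log"
    echo "$copy"
}

# Returns 0 if IMAGE still matches the hash recorded at acquisition time.
verify_image() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" ) >/dev/null 2>&1
}
```

Keep the recorded hash somewhere other than the analysis machine as well, so a later `verify_image` failure can be attributed to the working copy rather than to an edited sidecar file.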
 

TOMOYO-SAVEPOLICY(8)        System Administration Utilities        TOMOYO-SAVEPOLICY(8)

NAME
       tomoyo-savepolicy - save TOMOYO Linux policy

SYNOPSIS
       tomoyo-savepolicy [directory]
       tomoyo-savepolicy [directory] [remote_ip:remote_port]

DESCRIPTION
       This program saves TOMOYO Linux policy onto disk from kernel memory.

       The directory /etc/tomoyo/policy/YY-MM-DD.hh:mm:ss is created with four
       files inside: domain_policy.conf, exception_policy.conf, profile.conf,
       and manager.conf. The symbolic links /etc/tomoyo/policy/previous and
       /etc/tomoyo/policy/current are updated to point to the previous and
       current YY-MM-DD.hh:mm:ss directories respectively.

       The following symbolic links should exist within the /etc/tomoyo
       directory:

              domain_policy.conf -> policy/current/domain_policy.conf
              exception_policy.conf -> policy/current/exception_policy.conf
              profile.conf -> policy/current/profile.conf
              manager.conf -> policy/current/manager.conf
              policy/current -> policy/YY-MM-DD.hh:mm:ss
              policy/previous -> policy/YY-MM-DD.hh:mm:ss

       You can therefore access the current policy files without having to
       descend into subdirectories, and without having to determine which
       YY-MM-DD.hh:mm:ss directory is the most recent.

       If the policy type is specified, this program works similarly to cat(1).

OPTIONS
       -e     Print /sys/kernel/security/tomoyo/exception_policy to standard
              output.

       -d     Print /sys/kernel/security/tomoyo/domain_policy to standard
              output.

       -p     Print /sys/kernel/security/tomoyo/profile to standard output.

       -m     Print /sys/kernel/security/tomoyo/manager to standard output.

       -s     Print /sys/kernel/security/tomoyo/stat to standard output.

       directory
              Save policy to an alternative directory, rather than the default
              /etc/tomoyo directory.

       remote_ip:remote_port
              Save policy on a remote system via an agent waiting at port
              remote_port on IP address remote_ip.

EXAMPLES
       Save policy to disk

              tomoyo-savepolicy

       Print "/sys/kernel/security/tomoyo/exception_policy" to standard output

              tomoyo-savepolicy -e

       Retrieve policy from a remote system and save in a local directory

              tomoyo-savepolicy /etc/tomoyo/192.168.1.1/ 192.168.1.1:10000

BUGS
       If you find any bugs, send an email to
       <tomoyo-users-en@lists.sourceforge.jp>.

AUTHORS
       Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
              Main author.

       Jamie Nguyen <jamie@tomoyolinux.co.uk>
              Documentation and website.

SEE ALSO
       tomoyo-editpolicy-agent(8), tomoyo-loadpolicy(8)

       See <http://tomoyo.sourceforge.jp> for more information.

tomoyo-tools 2.5.0                  2012-04-14                  TOMOYO-SAVEPOLICY(8)