How to know when you've been hacked
Post 29209 by LivinFree on Tuesday 1st of October 2002 07:09:10 PM
A lot of security-folk will tell you to clone the drive, and peek at that. For official evidence's sake, let the proper authorities have the original disk that you have not tampered with.

Also, this stuff must be planned out way in advance... you shouldn't be reactive in a security policy. Everyone should be involved, as frustrating as that is bound to be: Lawyers, Managers, Technicians, Operators - everyone has something to offer.

I recommend subscribing to Bugtraq if you have the time to read it all - also, the other lists hosted by Security Focus are great. You'll get a chance to see how people are cleaning these incidents up, and see where mistakes have been made.
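
One way to carry out the clone-then-examine advice in the post above, as an added example that is not part of the original thread: hash the source, image it, confirm the image matches, lock the master copy and look only at a second copy. The function names and the file names (`evidence.img`, `working.img`, `evidence.sha256`) are assumptions; on a real case the source would be the suspect disk's block device rather than a file.

```shell
#!/bin/sh
# Added example: acquire an image, prove it matches the source, examine only a copy.

sha256_of() {
    # Print only the hex digest of a file or block device.
    sha256sum "$1" | awk '{print $1}'
}

clone_and_verify() {
    # $1 = source (disk device or file), $2 = case directory (hypothetical layout)
    src=$1; outdir=$2
    image="$outdir/evidence.img"; work="$outdir/working.img"
    manifest="$outdir/evidence.sha256"

    [ -r "$src" ] || return 2
    mkdir -p "$outdir" || return 2

    # Hash the source before anything else reads it.
    before=$(sha256_of "$src")

    # Bit-for-bit copy. No conv=sync here: padding a short final block
    # would make the image differ from the source.
    dd if="$src" of="$image" bs=64k 2>/dev/null || return 2

    img_hash=$(sha256_of "$image")
    after=$(sha256_of "$src")

    # The source must be unchanged by the acquisition and the image must match it.
    if [ -z "$before" ] || [ "$before" != "$after" ] || [ "$before" != "$img_hash" ]; then
        echo "hash mismatch: source=$before/$after image=$img_hash" >&2
        return 1
    fi

    # Record the digest in sha256sum format and lock the master image.
    printf '%s  %s\n' "$img_hash" "evidence.img" > "$manifest"
    chmod 0444 "$image" "$manifest"

    # All examination happens on this second copy, never on the master.
    cp "$image" "$work" || return 2
    echo "$img_hash"
}

verify_master() {
    # Re-check the master image in case directory $1 against the recorded digest.
    ( cd "$1" && sha256sum -c evidence.sha256 >/dev/null 2>&1 )
}
```

Running `verify_master` again before and after each examination session shows that the master image has not changed since acquisition.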
 

db_recover(8)						      System Manager's Manual						     db_recover(8)

NAME
       db_recover - Restores the database to a consistent state (Enhanced Security)

SYNOPSIS
       /usr/tcb/bin/db_recover [-cv] [-h home]

FLAGS
       Failure was catastrophic.

       Specify a home directory for the database. The correct directory for enhanced security is /var/tcb/files.

       Write out the pathnames of all of the database log files, whether or not they are involved in active transactions.

       Run in verbose mode.

DESCRIPTION
       A customized version of the Berkeley Database (Berkeley DB) is embedded in the operating system to provide high-performance database support for critical security files. The DB includes full transactional support and database recovery, using write-ahead logging and checkpointing to record changes.

       The db_recover utility runs after an unexpected system failure to restore the security database to a consistent state. All committed transactions are guaranteed to appear after db_recover has run, and all uncommitted transactions are completely undone. DB recovery is normally performed automatically for the security files as part of system startup.

       In the case of catastrophic failure, an archival copy, or snapshot of all database files must be restored along with all of the log files written since the database file snapshot was made. (If disk space is a problem, log files may be referenced by symbolic links). If the failure was not catastrophic, the files present on the system at the time of failure are sufficient to perform recovery.

       If log files are missing, db_recover identifies the missing log files and fails, in which case the missing log files need to be restored and recovery performed again.

       The db_recover utility attaches to one or more of the Berkeley DB shared memory regions. In order to avoid region corruption, it should always be given the chance to detach and exit gracefully. To cause db_recover to clean up after itself and exit, send it an interrupt signal (SIGINT).

RETURN VALUES
       The db_recover utility exits 0 on success, and >0 if an error occurs.

ENVIRONMENT VARIABLES
       If the -h option is not specified and the environment variable DB_HOME is set, it is used as the path of the database home. The home directory for security is /var/tcb/files.

FILES
       /var/tcb/files/auth.db
       /var/tcb/files/dblogs/*

RELATED INFORMATION
       Commands: db_archive(8), db_checkpoint(8), db_printlog(8), db_dump(8), db_load(8), db_stat(8), secconfig(8)