Full Discussion: Our system was hacked
Special Forums Cybersecurity Our system was hacked Post 303037161 by MadeInGermany on Thursday 25th of July 2019 03:13:26 AM
Look in root's homedir for .history, .bash_history or similar files.
Run the history command in the respective shell(s).

Ordinary system logins are listed with the last command.

Consult the system logs for system access and unusual events.
Is there a su or sudo log in /var/log/ or /var/adm/?
Do you happen to have system accounting (sa) running?

Run netstat -a and look for LISTEN; what services are running that use the ports?
Do these services have extra logs?

How good is your root pw? The longer the better.
Did you switch from the 13-byte Unix crypt to another crypt that allows longer pws?

Are you sure your system was hacked at all?
Maybe there was a fatal human error like
Code:
tar cf - dir | tar xf -

where the read files are already opened for writing, and such data corruptions can occur.

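Added example, not part of MadeInGermany's post: the checks listed above collected into read-only shell helpers. The function names, the log file names, the `/root` default and the Linux net-tools `netstat -an` column layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: read-only helpers for the checks in the post above.
# Function names and all sample values used with them are constructed.

# List root shell history files present under a home directory ($1).
history_files() {
    for f in "$1"/.history "$1"/.bash_history "$1"/.sh_history; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# List su/sudo/login logs present in a log directory ($1); the file names
# are commonly used ones (an assumption), adjust them for the system.
auth_logs() {
    for f in sulog sudo.log auth.log secure; do
        if [ -f "$1/$f" ]; then printf '%s\n' "$1/$f"; fi
    done
}

# Read `netstat -an` output (Linux net-tools column layout assumed) on stdin
# and print "proto local-address" for each socket in state LISTEN.
listeners() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "LISTEN") { print $1, $4; next } }'
}

# Classify the hash field of one passwd/shadow line ($1): the traditional
# 13-character crypt only uses the first 8 characters of the password.
hash_scheme() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case $field in
        ''|x|'*'*|'!'*) echo nohash ;;
        '$'*)           echo modular ;;
        *) if [ "${#field}" -eq 13 ]; then echo des13; else echo other; fi ;;
    esac
}

# Run every check against the live system; output goes to stdout only.
triage() {
    history_files "${1:-/root}"
    last | head -n 20
    auth_logs /var/log; auth_logs /var/adm
    netstat -an | listeners
    hash_scheme "$(grep '^root:' /etc/shadow)"
}

if [ "${1:-}" = live ]; then triage; fi
```

Run it as root with the argument `live` to execute all checks; with no argument it only defines the functions.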