Unix Solaris server breached


 
# 1  
Unix Solaris server breached

What approach can be taken to investigate a reported breach and confirm whether the breach occurred or not? As of now it cannot be confirmed if the breach occurred, but it's been reported that some key system files have been deleted.
# 2  
Must assume that this is a Commercial Computing question and not a homework or interview question.

Let's assume that you have taken basic precautions and that the system is still running.

1) Disable LAN access to the computer immediately while you look. Pull the LAN cable and work from the system console. Change the root password from the physical console (in case your LAN has been compromised). A hacker will not expect this and you may stop the hacker covering his tracks.
2) Use lastb to look for repeated failed login attempts and hopefully get an IP Address. Also look for unexpected IP addresses in last.
3) Look at sulog for unauthorised elevation of privilege.
4) Look at Shell History for all root sessions and look for unauthorised commands. You do record them, don't you?
5) Look at dmesg because many hackers forget this one.
6) Look at messages/syslog file for unexpected logged events.

Once you know where the hack came from, block it on your network firewall.
This User Gave Thanks to methyl For This Post:
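
Steps 2 and 3 of the reply above, as an added example that is not part of the original post: it summarises failed logins per source host and flags `su` attempts to root by accounts you did not expect. It assumes you work on saved copies of the `lastb` output and of sulog, that the records use the layouts noted in the comments, and that the allow-list account name is hypothetical.

```shell
#!/bin/sh
# Added example: triage saved copies of the logs from steps 2 and 3.
# Assumed layouts: lastb text = "user tty host date..."; sulog =
# "SU MM/DD HH:MM +|- tty from-to". All sample records are constructed.
AWK=${AWK:-awk}   # on Solaris use nawk or /usr/xpg4/bin/awk (needs -v)

# Print "count host" for sources with at least $2 (default 3) failed logins.
failed_by_source() {
    "$AWK" -v min="${2:-3}" '
        NF >= 3 && $1 != "btmp" { n[$3]++ }
        END { for (h in n) if (n[h] >= min) print n[h], h }
    ' "$1" | sort -rn
}

# Print su-to-root attempts by accounts not in the allow-list $2.
unexpected_su_root() {
    "$AWK" -v allow="$2" '
        BEGIN { split(allow, a, " "); for (i in a) ok[a[i]] = 1 }
        $1 == "SU" && $NF ~ /-root$/ {
            from = $NF; sub(/-root$/, "", from)
            if (!(from in ok))
                print $2, $3, ($4 == "+" ? "SUCCESS" : "FAILED"), from
        }
    ' "$1"
}

# Write constructed sample logs into directory $1.
make_samples() {
    cat > "$1/lastb.txt" <<'EOF'
root     ssh:notty    203.0.113.7      Tue Mar 12 03:14 - 03:14  (00:00)
admin    ssh:notty    203.0.113.7      Tue Mar 12 03:14 - 03:14  (00:00)
oracle   ssh:notty    203.0.113.7      Tue Mar 12 03:13 - 03:13  (00:00)
root     ssh:notty    203.0.113.7      Tue Mar 12 03:13 - 03:13  (00:00)
alice    pts/2        192.0.2.10       Mon Mar 11 09:02 - 09:02  (00:00)

btmp begins Mon Mar 11 09:02:11 2024
EOF
    cat > "$1/sulog" <<'EOF'
SU 03/11 09:05 + pts/2 alice-root
SU 03/12 03:20 - pts/5 www-root
SU 03/12 03:21 + pts/5 www-root
SU 03/12 03:25 + pts/5 root-oracle
EOF
}

d=$(mktemp -d) && make_samples "$d"
failed_by_source "$d/lastb.txt"
unexpected_su_root "$d/sulog" "alice"
```

A failed `su` followed a minute later by a successful one from a service account, as in the constructed sulog, is the pattern worth correlating with the source host reported by the first function.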
# 3  
Thank you for your quick response. That will surely help, I hope.
 
