Abdelkader Belahcene wrote:
Thanks,
I am simpler user on laptop, with ssh server running. Ther is no
important data on my laptop!!!
Suddenly my Desktop froze,
I changed the screen (CTRL+ALT+F1), I noticed that I was logout, so
something jected me!!!
I restart the gdm, after that I continued normally.
I never had this kind of problem, before I was not connected directly
to Internet, now I am. For this reason I doubt, moreover my password
is not strong enough.
Ok, Now I want to know where to find, any indication, if any, for intrusion.
grep sshd /var/log/auth.log
That should tell you if somebody logged in to your system remotely. Note
that unless the attacker was not able to gain root access, it is likely
that the log file might have been wiped clean of traces.
thanks again
best regards
bela
2008/12/30 abdelkader belahcene <abelahc...@gmail.com>:
Hi,
I fear that an attack or an entry in my PC has occured, how to find the
trace of the attacks.
thanks a lot
It really depends upon what you suspect occurred,and how, and what the
machine is responsible for. Be more specific.
1) Why do you suspect that your machine was compromised?
2) What does the machine do? Desktop machine? Sensitive nuclear
secrets database?
3) Does the computer contain information that, if leaked, could
compromise your organization?
4) Does the computer contain information that, if erased, could be a
liability to your organization?
5) How recent is your last backup that is known to be from before the breach?
6) Is identifying the attacker a priority?
You should probably consult a forensics expert if this is anything
other than a home desktop.
--
If you can't explain it simply, you don't understand it well enough.
-- Albert Einstein
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
