On Wed, Jun 03, 2009 at 12:11:32AM +0700, Sthu Deus wrote:
> Good day.
>
> Is there a utility or whatever that can monitor/log all the activities in OS
> of the compromised machine to investigate the situation?
>
> And, what is more important - could You share Your experience on how to
> illuminate from whence the criminal got its root privileges?

In a manner that root cannot rewrite? Please state your assumptions
here. (A reliable remote logging server?)

> Is it possible to log net activities through iptables? - I did try LOG target
> but w/ no success.

And you assume root cannot alter those rules?

-- 
Tzafrir Cohen         | tzaf...@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzaf...@cohens.org.il |                    | best
ICQ# 16849754         |                    | friend