Thank You for Your time and answer, Tzafrir:

> > And, what is more
> > important - could You share Your experience on how to illuminate from whence
> > the criminal got its root privileges?
>
> In a manner that root cannot rewrite?
>
> Please state your assumptions here.
>
> (A reliable remote logging server?)

Yes. Or an emailing program that sends some states of the OS.

> > Is it possible to log net activities through iptables? - I did try LOG
> > target but w/ no success.
>
> And you assume root cannot alter those rules?

I suppose that the criminal is not always and everywhere - he needs time that can be for benefit to me, or he may have his interest in something specific, say, emailing spam - and almost nothing more... It is just guessing, still I believe there is something that can help track him in some degree, and then, maybe, it is possible to understand from whence he got his entrance on, as I suppose, a well protected machine.

Or let's view this from another point: we have set up a new server (we use the same hardware - just have formatted the entire HDD) - how can we now be sure that it is secure enough - for we have not found the way the criminal got in.

Or is there a utility that can inspect the OS regarding the services the OS is running? - Something similar to what rkhunter does for ssh, say, but for other services: apache, for example, or postfix, or ftp, etc.