LinuxQuestions.org


hack3rcon 01-18-2016 01:22 AM

Analysis of a Linux server that has been compromised.
 
Hello.
If a Linux server has been hacked, then which tools are needed to track the hackers and...?
Can anyone tell me which parts must be analyzed? Are logs enough?

Thank you.

business_kid 01-18-2016 07:21 AM

No. You need the installation and the logs. You can use a copy of the install, properly made. I would retire the original drive and update, and lock down on one PC while analyzing on another.
Have you done any basic work like running rkhunter?

hack3rcon 01-18-2016 08:39 AM

Quote:

Originally Posted by business_kid (Post 5480242)
No. You need the installation and the logs. You can use a copy of the install, properly made. I would retire the original drive and update, and lock down on one PC while analyzing on another.
Have you done any basic work like running rkhunter?

I mean, if someone asks you to examine their server and find the hacker, what should you do?

JockVSJock 01-18-2016 04:47 PM

Kind of what was automatically recommended.

- Get a snapshot of what is running in memory
- Unplug from network
- Analyze what was captured

Most would recommend using https://www.kali.org/


All times are GMT -5.