On Wed, Jun 03, 2009 at 12:11:32AM +0700, Sthu Deus wrote:
> Good day.
>
> Is there a utility or whatever that can monitor/log all the activities in OS
> of the compromised machine to investigate the situation?
>
> And, what is more important - could You share Your experience on how to
> illuminate from whence the criminal got its root privileges?

In a manner that root cannot rewrite? Please state your assumptions here.
(A reliable remote logging server?)

>
> Is it possible to log net activities through iptables? - I did try LOG target
> but w/ no success.

And you assume root cannot alter those rules?

--
Tzafrir Cohen         | [email protected] | VIM is
http://tzafrir.org.il |                   | a Mutt's
[email protected]     |                   | best
ICQ# 16849754         |                   | friend

