
scrottie (4167)


Journal of scrottie (4167)

Tuesday August 17, 2010
12:30 AM

How I spent my day today (or, slowass.net pops a hole)

[ #40501 ]

1. Ran backups
2. Verified integrity of ssh on my local system versus last backup; changed local passwords
3. Verified integrity of my linode chpass with md5sum versus previous backup
4. Locked accounts; fixed changes to shell for system programs, removed additional accounts, changed passwords
5. Killed root processes and shells; accounted for all of the shells and processes in ps
6. Compared md5sums of everything in ps, login shells, rsync, inetd, su, vmlinuz, ps and various things between previous backup and current
7. Compared nmap to netstat -lnp; accounted for netstat -lnp entries
8. Ran find to find setuid/setgid programs; verified no additional ones exist; ran md5sum against existing ones
9. Replaced sshd, ssh and their config files and host keys; restarted sshd; relogged and changed passwords
10. Upgraded sshd
11. Killed .ssh directories
12. Temporarily took some services down until I can decide if I trust/replace them (squid, cron, sendmail)
13. diff -r'd between the two backups; read through the output to account for all changes to the system (new files and changed files) (several notable)
14. Ran find to find world writable files; ran find to find device files in the wilds of the filesystem
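
The backup-versus-current comparisons in steps 6, 8 and 13, sketched as an added example that is not part of the original journal entry. It uses sha256sum in place of the md5sum named above, and the BASE and LIVE arguments and all function names are hypothetical:

```shell
#!/bin/sh
# Added example. BASE = root of the restored trusted backup, LIVE = root of
# the system under review; both are hypothetical arguments.
LC_ALL=C; export LC_ALL   # stable sort order for comm(1)

# manifest ROOT: "hash  ./path" for every regular file under ROOT.
manifest() {
    ( cd "$1" && find . -xdev -type f -exec sha256sum {} + | sort )
}

# setid_files ROOT: regular files with the setuid or setgid bit set.
setid_files() {
    ( cd "$1" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort )
}

# only_in_live CMD BASE LIVE: lines CMD reports for LIVE but not for BASE.
only_in_live() {
    b=$(mktemp); l=$(mktemp)
    "$1" "$2" > "$b"; "$1" "$3" > "$l"
    comm -13 "$b" "$l"
    rm -f "$b" "$l"
}

# changed_files BASE LIVE: files that are new or whose content differs.
changed_files() {
    only_in_live manifest "$1" "$2" | sed 's/^[0-9a-f]*  //' | sort
}

# new_setid BASE LIVE: setuid/setgid files the backup did not have.
new_setid() {
    only_in_live setid_files "$1" "$2"
}

# demo: run both checks on two small constructed trees.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/base/bin" "$d/live/bin" "$d/live/tmp"
    echo 'su v1' > "$d/base/bin/su"; echo 'su v1' > "$d/live/bin/su"
    echo 'ps v1' > "$d/base/bin/ps"; echo 'ps patched' > "$d/live/bin/ps"
    echo 'x' > "$d/live/tmp/sh"
    chmod 4755 "$d/base/bin/su" "$d/live/bin/su" "$d/live/tmp/sh"
    echo 'new or changed:'; changed_files "$d/base" "$d/live"
    echo 'new setuid/setgid:'; new_setid "$d/base" "$d/live"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with both trees mounted on a known-good machine, since find and sha256sum on a compromised host cannot be trusted to report honestly.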
