Full Disclosure: Re: Linux - Indicators of compromise

[Григорий Братислава <musntlive () gmail com>]

On Sat, Jul 14, 2012 at 8:46 AM, Ali Varshovi <ali.varshovi () hotmail com> wrote:
> Greetings FD,
>
> Does anyone have any guidelines/useful material on analysis logs of a Linux machine to detect signs of compromise? 
> The data collection piece is not a challenge as a lot of useful information can be captured using commands and some 
> scripts. I'm wondering if there is any systematic approach to analyze the collected logs? Most of the materials I've 
> seen are more aligned to malware and rootkit detection which is not the only concern apparently.
>
> Thanks,
> Ali
Is in my experience is that I place two folders in directory in is
root folder called /root/MilaKunisLeakedPhotos/ and
/root/OlgaKurlyenko/ is when I see is accessed. Then I know is my
machine compromised. Everyone is want see Olga and Mila

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/