- Details
- Written by Jon Moore
Early this year, I discovered my server was acting... kinda wonky (details here). In short, I feared that my server had been hijacked for some other, nefarious purposes. After that, I decided to start a forensics analysis, detailed here. 8 months later, after much additional research, I am looking back at my notes and writing up my "final word" on the matter.
- Details
- Written by Jon Moore
In my ongoing desire to determine who/what/when/where/why my server had previously been compromised, I continue my analysis with the messages files and some other /var/log files.
- Details
- Written by Jon Moore
Here I go over the following files /etc/hosts*
This works out to 3 files total.
- Details
- Written by Jon Moore
In a bit of a panic, I moved all kinds of grub files, without fully realizing the consequences later on... In any case, I am going over the files that I do have, and noting what differences may exist. If there's anything that would cause my booting problems, it is likely the bootloader, grub.
- Details
- Written by Jon Moore
In this article I am examining the /var/log/auth.log file for any indication of what/what/when my server may have been compromised.
Page 1 of 2