On Sat, 4 Jul 2009, skommar21 wrote:
> Hi All,
>
> How can one detect/check whether his system has been
> intruded?
>
> Can anybody please explain the tasks/activities required to
> check whether his system has been compromised.
>
> Are there any good open source software which are good at
> detecting spyware, malware and other forms which are a threat
> to data.
>
> Thanks, sridhar
>
Yes, one can!
You need to run an intrusion detection system like Bro, Prelude
or Snort, depending on the deployment architecture.
The first task or activity you need to do, to do an investigation
or forensics on the system, is to take it offline and shut it
down. The next step would be to mount the disk of the system
externally and start the investigation:
. review of logs
. service confs
etc.
What exactly is the situation you are facing?
Thanks,
Saifi.
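As an added illustration of the offline review described above (mount the suspect disk externally, then go through logs and service configs), here is example code that is not from the thread or from any of the tools named in it. It assumes the disk is mounted read-only under some `mount_root`; the sshd log lines, the file names under `etc` and the `build_demo_mount` helper are all constructed for the demonstration.

```python
import os
import re
import tempfile
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+)")
def review_auth_log(lines, fail_threshold=5):
    """Flag root SSH logins and successes from an address with prior failures."""
    failures, findings = {}, []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[src] = failures.get(src, 0) + 1
        elif user == "root":
            findings.append(("root-ssh-login", user, src))
        elif failures.get(src, 0) >= fail_threshold:
            findings.append(("success-after-bruteforce", user, src))
    return findings
def changed_configs(mount_root, since_epoch):
    """Files under <mount_root>/etc whose mtime is later than the baseline."""
    hits = []
    for dirpath, _, names in os.walk(os.path.join(mount_root, "etc")):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mtime > since_epoch:
                hits.append(os.path.relpath(path, mount_root))
    return sorted(hits)
# Constructed sample log: five failures then a success from one address,
# a direct root login, and one ordinary login.
SAMPLE_LOG = ["Jul  4 02:10:%02d host sshd[23%02d]: Failed password for invalid "
              "user admin from 203.0.113.9 port 4100 ssh2" % (i, i) for i in range(5)] + [
    "Jul  4 02:10:40 host sshd[2320]: Accepted password for sridhar from 203.0.113.9 port 4130 ssh2",
    "Jul  4 03:00:00 host sshd[2400]: Accepted publickey for root from 198.51.100.7 port 5000 ssh2",
    "Jul  4 03:05:00 host sshd[2410]: Accepted password for sridhar from 192.0.2.5 port 5010 ssh2"]
def build_demo_mount():
    """Constructed stand-in for the mounted disk: one old config, one changed."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc", "ssh"))
    old, new = os.path.join(root, "etc", "ssh", "sshd_config"), os.path.join(root, "etc", "rc.local")
    for p in (old, new):
        open(p, "w").close()
    baseline = os.stat(new).st_mtime - 3600              # baseline: an hour ago
    os.utime(old, (baseline - 86400, baseline - 86400))  # old file: a day earlier
    return root, baseline
```

On a real mounted image, point `changed_configs` at the mount point and feed `review_auth_log` the lines of the copied auth log; the baseline time would come from the last known-good change or backup.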