Unix Web Hosting for Developers

Unix - Unix Like Operating Systems

through the various files.) To determine which jail

Filed under: Unix Web Hosting — webmaster @ 8:22 pm

Perhaps it’s something innocent, but it might be an intruder’s backdoor. Unexplained system problems are a hint as well. Many intruders are ham-fingered klutzes with few sysadmin skills; they use click-and-drool attacks and think that they’re tough. (Truly skilled intruders can not only clean up after themselves, but also ensure that the system has no problems so that you won’t be alerted.) Unexplained reboots might be a sign of a new kernel being installed. They might also be a sign of failing hardware or bad configuration, so they should be investigated anyway.

There are two security tools I particularly recommend for becoming familiar with your system. The first is lsof(8) (/usr/ports/sysutils/lsof), which lists all open files on your computer. Reading this is an education in and of itself; you probably had no idea that your Web server opened so much crud. Seeing strange files open indicates that you’re either not familiar with your system or someone’s doing something you probably don’t want her to do.

The second tool is nessus(8) (/usr/ports/security/nessus). It’s an automated vulnerability scanner. Running security audits on your own machines is an excellent way to see what an attacker might see on your systems.

If You’re Hacked

There’s no easy answer for what to do if your system is hacked. Huge books are written on the subject. Here are some general suggestions, however.

First of all, a hacked system cannot be trusted. If someone has gained root access on your Internet server, she could have replaced any program on the system. Even if you close the hole she got in through, she could have installed a hacked version of login that sends your username and password to an IRC channel somewhere. Don’t trust your system. An upgrade will not cleanse your system, as even sysinstall and the compiler are suspect.

Feel free to write FreeBSD-security@FreeBSD.org for some advice. Describe what you’re seeing, and why you think you’re hacked. Be prepared for the final answer, though: reinstall your operating system from known secure media (FTP or CD-ROM), and restore your data from backup. (You did read Chapter 3, right?) A good security process will increase your chances of never being hacked. Good luck.
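One way to put the lsof(8) advice above into practice is to save its output while the machine is known to be good and later list only what is new. This is an added example, not code from the book excerpt; the function names and the sample snapshots are constructed for illustration, and it assumes lsof's field output mode (`-F`), where each line is one field identified by its first character.

```python
import subprocess

def snapshot():
    """Run lsof in field-output mode; -n and -P skip host and port lookups."""
    return subprocess.run(["lsof", "-n", "-P", "-F", "pctn"],
                          capture_output=True, text=True, check=False).stdout

def parse(text):
    """Return a set of (command, type, name) from `lsof -F pctn` output.
    A 'p' line starts a process, an 'f' line starts one open file;
    within a file, the type field ('t') precedes the name field ('n')."""
    seen, cmd, ftype = set(), None, None
    for line in text.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "p":            # new process: PIDs change, so not kept
            cmd, ftype = None, None
        elif tag == "c":
            cmd = value
        elif tag == "f":          # new file descriptor: reset the type
            ftype = None
        elif tag == "t":
            ftype = value
        elif tag == "n" and cmd is not None:
            seen.add((cmd, ftype, value))
    return seen

def unexplained(baseline_text, current_text):
    """Open files present now that the known-good baseline never showed."""
    new = parse(current_text) - parse(baseline_text)
    return sorted(new, key=lambda e: tuple(x or "" for x in e))

# Constructed sample data, not captured from a real host.
BASELINE = """p412
chttpd
f3
tREG
n/var/log/httpd-access.log
f4
tIPv4
n*:80
"""
CURRENT = BASELINE.replace("p412", "p977") + """p1203
csh
f3
tIPv4
n*:6667
f4
tREG
n/tmp/.x/out
"""

if __name__ == "__main__":
    for cmd, ftype, name in unexplained(BASELINE, CURRENT):
        print(f"{cmd}\t{ftype}\t{name}")
```

On a live host, pass a saved `snapshot()` from a known-good state as the baseline. Since a compromised system's own binaries cannot be trusted, a clean diff is not proof that the machine is clean.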

