Step One: Disconnect the host from the network, both wireless and wired
Step Two: Analyze the log files and search for possible intrusion paths
After a host has been compromised, simply reinstalling it is never enough. You also need to analyze why and how the host was compromised. If you find the problem points, your host can be made more secure afterwards, and your Linux skills improve as well.
If you do not know how to trace the intrusion path, the same thing can happen next time. In general:
(1) Analyze the log files: you can find the other party's IP by analyzing some of the major log files, /var/log/messages and /var/log/secure. You can also use the last command to find information about the last person logged in.
(2) Check the services open on the host: many Linux administrators do not know how many services are open on their hosts, and each service has vulnerabilities, or enhanced or test features that should not be started. Identify the services on the system and check each one individually for vulnerabilities or configuration errors.
(3) Back up important data
The so-called important data is the data that was not originally part of Linux, such as /etc/passwd, /etc/shadow, the WWW web pages, and the user files in /home. The data in directories such as /etc/*, /usr/ and /var should not be backed up.
(4) Reinstall the system
It is important to select only the appropriate packages and not to install all the packages.
(5) Patch package vulnerabilities
After installation, update the system packages immediately. After updating, set up the firewall and shut down unnecessary services, and only then plug in the network cable.
(6) Turn off or uninstall services that you do not need
The fewer services you start, the less likely the system is to be compromised.
(7) Restore data and service settings
Copy the backed-up data back to the system, then open the services the host provides again.
(8) Open the host to the network
Handling a server intrusion promptly is only a remedial measure, but it can minimize the loss and avoid a greater impact on the company's business.
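For item (1), the following added example (not from the original article) shows one way to pull source IPs out of sshd entries in /var/log/secure and flag addresses whose first successful login followed a run of failures. The sample log lines, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample lines in the sshd format written to /var/log/secure.
SAMPLE = """\
Jan 12 03:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Jan 12 03:14:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 40125 ssh2
Jan 12 03:14:06 web01 sshd[2213]: Failed password for root from 203.0.113.45 port 40131 ssh2
Jan 12 03:14:09 web01 sshd[2215]: Accepted password for root from 203.0.113.45 port 40140 ssh2
Jan 12 09:02:11 web01 sshd[3120]: Accepted publickey for deploy from 198.51.100.7 port 51514 ssh2
Jan 12 11:40:52 web01 sshd[3302]: Failed password for deploy from 198.51.100.7 port 51600 ssh2
"""

# Matches sshd authentication results; "invalid user" marks a nonexistent account.
AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize(lines):
    """Per source IP: failure count, accepted users, failures before first success."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": [], "failed_before_accept": None})
    for line in lines:  # file order is chronological; syslog stamps carry no year
        m = AUTH.search(line)
        if not m:
            continue
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            if entry["failed_before_accept"] is None:
                entry["failed_before_accept"] = entry["failed"]
            entry["accepted"].append(m["user"])
    return dict(stats)


def guessed_then_succeeded(stats, threshold=3):
    """IPs whose first accepted login followed at least `threshold` failures."""
    return sorted(ip for ip, e in stats.items()
                  if e["failed_before_accept"] is not None
                  and e["failed_before_accept"] >= threshold)


if __name__ == "__main__":
    # Pass a log path (e.g. a copy of /var/log/secure); defaults to the sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    stats = summarize(lines)
    for ip, e in sorted(stats.items(), key=lambda kv: -kv[1]["failed"]):
        print(f"{ip:15} failed={e['failed']:<4} accepted={','.join(e['accepted']) or '-'}")
    print("review first:", guessed_then_succeeded(stats) or "none")
```

Run it against a copy of the log taken off the disconnected host, and compare the accepted logins with the output of the last command.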
This article is from the "︵ rice 愺 incompatible materials oxidizing ☆" blog, please be sure to keep this source http://linxm.blog.51cto.com/10966682/1738619
What do you do when a company server is hacked?