>> 1) Don't log in as root on a machine that most likely has been
>> compromised. Bad things can happen.

> You have to login as root to shutdown the system. You don't want to
> 'just turn it off' since you can loose [sic] data.

How? What does just turning it off potentially lose me? At most, I
think, it risks a little filesystem damage.

Unfortunately shutting down risks more, especially since if there are
files open but unlinked, I want to know what's in them! If I take the
disk offline - or, equivalently, just power the system off - then I can
use fsck -n or iorphan to find such files and dumpi to look at them. If
I shut down "cleanly", they will get destroyed.

Preferable to either, from an information preservation perspective, is
to forcibly crash the system, so as to get a kernel coredump. This may
or may not be worth the effort, depending on such things as whether
anyone is available with the skill, time, and inclination to grovel
through it looking for evidence.

der Mouse
mouseat_private
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
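
[Added illustration, not part of the original message or the poster's tools: a small POSIX C program that puts a file into the open-but-unlinked state the message describes and reports what is still there. The /tmp path, struct and function names are constructed for the demo.]

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added demo; the struct, function and /tmp template are constructed names. */
struct demo_result {
    long nlink_after_unlink; /* link count seen through the open descriptor */
    int  path_gone;          /* 1 if stat() on the old name gives ENOENT */
    int  data_intact;        /* 1 if the contents still read back via the fd */
};

/* Create a file, unlink it while it is still open, report what remains. */
struct demo_result unlinked_file_demo(void)
{
    struct demo_result r = { -1, 0, 0 };
    const char payload[] = "constructed sample: contents of a deleted file\n";
    char path[] = "/tmp/unlinked_demo_XXXXXX";
    char buf[sizeof payload] = { 0 };
    struct stat st;

    int fd = mkstemp(path);
    if (fd < 0)
        return r;
    ssize_t w = write(fd, payload, sizeof payload - 1);
    int u = unlink(path); /* name removed; inode lives on while fd is open */
    if (w != (ssize_t)(sizeof payload - 1) || u != 0) { close(fd); return r; }

    /* The name is gone from the directory tree ... */
    r.path_gone = (stat(path, &st) == -1 && errno == ENOENT);
    /* ... but the inode and its blocks stay allocated, with zero links. */
    if (fstat(fd, &st) == 0)
        r.nlink_after_unlink = (long)st.st_nlink;
    if (lseek(fd, 0, SEEK_SET) == 0 &&
        read(fd, buf, sizeof buf - 1) == (ssize_t)(sizeof payload - 1))
        r.data_intact = (memcmp(buf, payload, sizeof payload - 1) == 0);

    /* Last close: the kernel frees the inode. A clean shutdown closes every
       such file; cutting power leaves the inode on disk, unreferenced. */
    close(fd);
    return r;
}

int main(void)
{
    struct demo_result r = unlinked_file_demo();
    printf("nlink=%ld path_gone=%d data_intact=%d\n", r.nlink_after_unlink, r.path_gone, r.data_intact);
    return 0;
}
```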