I have a web server (Debian). I would like to know how to protect myself in case of hacking if a hacker changes commands such as netstat, ls.

I have to make a backup of such files as ls, netstat, and in case of a hack, return them and display the correct results (not hacked results). But these files are stored in /bin, /usr/bin and several other folders...

Where exactly can I make a backup of these commands, so that in case of substitution they can be returned? The question is probably stupid, but I would be grateful if someone could explain it to me.

Sorry for my English.

  • When your server is hacked you reinstall it. There is no need to back up individual executables. – Gerald Schneider May 06 '21 at 12:23
  • @Gerald Schneider, thanks for the link to the question, I will definitely use the recommendations. I understand that after hacking, you need to install a new system. But I would like to find out the reason for the hack, for this I need a hacked system. In short, how to replace hacked commands with normal ones after hacking and disconnecting the server from the Internet? (I did not find anything about this)... – Sergei Hronov May 06 '21 at 13:04
  • When you are working in a business environment, it is not reasonable to spend time studying how the hack was made. The best way is to restore from backups and keep the system properly updated. If one really wants to do forensic analysis of the compromised system, then you take a disk image of the system and analyze that image using tools designed for that. Forensic analysis is way too large a subject to be covered on a Q&A site like serverfault. – Tero Kilkanen May 06 '21 at 15:19
