[Plug-security] forensic analysis

wconrad@sprintmail.com
Thu, 28 Sep 2000 09:45:54 -0700


> A good sequence might be 'l' (kill everything), then 's' (sync), then
> 'u' (unmount), then 'o' (halt) or 'b' (reboot).

By the way, I just tested this, and you do NOT want to do 'l' first --
once you do that, the magic SysReq key is dead and you can't do the
sync or unmount.  Instead, perhaps you want to do 'e' or 'i'.  Or just
go straight to 's' (because perhaps killing a process would trigger
the intruder's nasties).