[Plug-security] forensic analysis

Jason jkenner@mindspring.com
Thu, 28 Sep 2000 20:08:42 -0700


sinck@ugive.com wrote:
> 
> _
> _ Well, you could make a command out of grep, ps, and cut, but then you
> _ have to wonder if grep and cut are safe.
> _
> _ kill -9 `ps a|cut -c 1-5|grep -v $$`
> 
> Wouldn't that shoot init (pid 1) and perhaps some of the kernel
> threads that should stick around.

At least on my linux box, kill -9 1 doesn't seem to do anything at all,
even when run as root.

Yes, it does completely hose the NFS, syslog, and other facilities,
but this is OK, as the reason this question was initially asked is
what to do before physically shutting the machine off... I suggested
killing everything, running sync, then unmounting the drives, then
powering it off to avoid having to run shutdown scripts while
simultaneously avoiding damage to filesystems.

-- 
jkenner @ mindspring . com__
I Support Linux:           _> _  _ |_  _  _     _|
Working Together To       <__(_||_)| )| `(_|(_)(_|
To Build A Better Future.       |                   <s>
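The exchange above hinges on which PIDs the quoted one-liner actually signals: `ps a|cut -c 1-5|grep -v $$` drops only the calling shell, so init and the kernel threads the follow-up worries about are still on the list (and the `PID` header line goes to kill as a bogus argument). Below is an added example, not code from either poster, that builds the same list from a `ps -e -o pid=,ppid=,comm=` style listing while excluding PID 1, kernel threads, and the caller. It assumes the modern Linux layout where kernel threads descend from PID 0 or from kthreadd (PID 2); the listing embedded here is constructed sample data, and the function only prints candidates so the result can be reviewed before any signal is sent.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the list of PIDs a pre-shutdown
# script would signal, minus the processes the follow-up says should survive:
# init (PID 1), kernel threads, and the shell running the script.

# Constructed sample listing in "ps -e -o pid=,ppid=,comm=" form (no header).
SAMPLE_PS='    1     0 init
    2     0 kthreadd
   15     2 kswapd0
  301     1 syslogd
  412     1 nfsd
  520     1 sshd
  777     1 sh
  801   777 ps'

# filter_pids SELF_PID < listing
# Reads a pid/ppid/comm listing on stdin and prints one candidate PID per
# line. Heuristic for kernel threads (assumption): a parent PID of 0 (PID 0
# itself is never listed) or of 2 (kthreadd) marks a kernel thread.
filter_pids() {
    self="$1"
    awk -v self="$self" '
        $1 !~ /^[0-9]+$/ { next }   # skip a header or malformed line
        $1 == 1          { next }   # init: kill -9 1 is ignored anyway
        $1 == self       { next }   # the shell running this script
        $2 == 0 || $2 == 2 { next } # kernel threads (kthreadd and its children)
        { print $1 }
    '
}

# Dry run on the constructed listing, pretending our shell is PID 777.
# On a live box: ps -e -o pid=,ppid=,comm= | filter_pids $$
printf '%s\n' "$SAMPLE_PS" | filter_pids 777
```

The function deliberately stops at printing the list; the `sync`, unmount and power-off steps from the message still follow only after the list has been checked. Note also that `cut -c 1-5` in the original one-liner truncates PIDs once they exceed five digits, which the field-based `awk` above avoids.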