Documentation< Previous | Contents | Next >
10.5.8. Recovering from intrusion
In short, stay calm. Then take the following actions in this order:
• Disconnect the machine from the network.
• Try to find out as much as you can about how your security was breached.
• Backup important non-system data. If possible, check these data against existing backups, made before the system was compromised, to ensure data integrity.
• Re-install the system.
• Use new passwords.
• Restore from system and data backups.