* Boris Lorenz;
A post mortem analysis of a host believed to be cracked is a MUCH, MUCH more complicated process than ANY secure installation of a Linux system could ever be. It takes YEARS for professional analysts before they're able to do their work properly, so personally I would not recommend that to a newbieish-to-security lifeform ;) (NO puns intended!)...
Well I think that was one of the reasons for the http://project.honeynet.org by going over the scans of the previous months I think you can learn a lot information which one day may be helpfull. Do not misunderstand me. It is also dangerous when the person is not ready to learn knowledgewise yet new information is provided, that person may mistakenly believe that he has acquired the knowledge and the skills while the reality he has not. This is also something not wanted. At least the above mentioned site by giving examples helps the novice or the experienced to practice and see his limitations. First of all the site says a default install Redhat 6.2 has maximum 72 hrs. before it is rooted and it is more often it takes only 8 . Good that I started with SuSE :-) -- Togan Muftuoglu