Discovering a system breach and recovering a breached system are not fun at all. However, knowing what to do in the case of a breach is critical - here are the steps to recovery.
No one wants their systems to be breached. No one wants their data stolen. And no one wants to recover a breached system. Neither discovery nor recovery are fun activities. In fact, I'd have to say that of all the horrible tasks facing you as a sysadmin, recovering a system from a malicious attack is the worst. In this article, I give you 12 steps to system recovery, some post-mortem tips, and a last resort option after you find that one or more of your systems has been compromised or breached.