Peter Pankonin wrote:

On Tuesday 31 August 2004 06:51 pm, Matthew Kent wrote:


I don't *think* anyone has broken in yet, but I can't be sure.



As root, type "last" (without the quotes). Of course good hackers will have covered their tracks and cleaned up after themselves...


From "man last":

Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created.




I've never done it before, but I believe there are some standard kits to
check for signs of a rooting.



chkrootkit, http://www.chkrootkit.org/



I've heard that it is only possible to be really sure if you have a guaranteed clean copy of the basic UNIX utilities, because skilled hackers will replace some of the utilities chkrootkit uses with hacked copies that will cover their actions. Any suggestions on how to do this?

_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
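
One way to approach the clean-copy question raised in the last message, as an added example that is not part of the original thread: record hashes of the utilities while the system is known to be clean, then compare later using tools run from trusted media. The function names, the SHA256SUM variable and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names throughout). Run it from trusted media:
# sha256sum, find, sort and awk must themselves be known-good copies, and the
# manifest must be stored where an intruder could not rewrite it.
SHA256SUM="${SHA256SUM:-sha256sum}"   # assumption: path to a trusted sha256sum

# make_baseline DIR MANIFEST: record a SHA-256 for every regular file in DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec "$SHA256SUM" {} + | sort -k2 ) > "$2"
}

# verify_baseline DIR MANIFEST: print CHANGED/NEW/MISSING lines for every
# difference from the manifest; return 1 if there is any, 0 if none.
# Limitation: file names containing whitespace are not handled.
verify_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$1" "$current"
    rc=0
    awk '
        NR == FNR      { base[$2] = $1; next }            # pass 1: manifest
        !($2 in base)  { print "NEW " $2; bad = 1; next } # not in baseline
        base[$2] != $1 { print "CHANGED " $2; bad = 1 }   # hash differs
                       { seen[$2] = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }' "$2" "$current" || rc=$?
    rm -f "$current"
    return "$rc"
}

# demo: constructed sample data, not real system files.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/bin"
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    make_baseline "$d/bin" "$d/manifest"        # taken while known clean
    printf 'replaced ls\n' > "$d/bin/ls"        # simulate a swapped utility
    verify_baseline "$d/bin" "$d/manifest"      # prints: CHANGED ./ls
    rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

A comparison like this is only as trustworthy as the kernel it runs under, so the stronger form is to boot from rescue media and point DIR at the suspect disk mounted read-only.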
