On Wed, 27 Sep 2000, Alvin Oga wrote: > egrep -i "failed|failure|refused|not allowed|illegal > port|blocked|denied|passwd"\ > /var/log/messages*
There is not much to gain by this. If the information is found in your logfile, they didn't get in :} > check the binaries tooo... > top, ps, ls, last, w, who, netstat, passwd, login, etc... Absolutely do this. I've seen rootkits these days that modify the startup scripts too.
