hi ya william

yes....true that grepping is kinda silly....but i just want to see if anybody even tried...am gambling that most try but fail to get in... ( assuming too that they did not modify the log files and binaries etc ( to hide themselves ))

i need to add *grep and lsof to that list to get a checksum of the binaries....even simple ls -l of the binaries is a good start

and more importantly...save your "valuable data" on a 2nd system elsewhere

rootkits are getting very good at hiding themselves... i think... getting harder to find if and how they got in...

c ya
alvin
http://www.Linux-Consulting.com/Lsec...... our very first.."securityfest" to try to break into or defend virgin linux installs...

On Wed, 27 Sep 2000, William T Wilson wrote:

> On Wed, 27 Sep 2000, Alvin Oga wrote:
>
> > egrep -i "failed|failure|refused|not allowed|illegal port|blocked|denied|passwd"\
> >   /var/log/messages*
>
> There is not much to gain by this. If the information is found in your
> logfile, they didn't get in :}
>
> > check the binaries tooo...
> > top, ps, ls, last, w, who, netstat, passwd, login, etc...
>
> Absolutely do this. I've seen rootkits these days that modify the startup
> scripts too.
>
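
An added example, not part of the original messages: one way to record checksums and `ls -l`-style metadata for the binaries named in the thread and compare them against a saved baseline. The function names, the `WATCHED` list layout and the JSON manifest format are assumptions of this example; the manifest is meant to be kept on a second system.

```python
import hashlib, json, os, shutil, stat, sys

# Names taken from the thread's list, plus grep/egrep and lsof (extend as needed).
WATCHED = ["top", "ps", "ls", "last", "w", "who", "netstat",
           "passwd", "login", "grep", "egrep", "lsof"]

def fingerprint(path):
    """Return size, mode, owner and SHA-256 of one file (symlinks followed)."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": st.st_size, "mode": stat.filemode(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "sha256": h.hexdigest()}

def snapshot(names=WATCHED, search_path=None):
    """Map resolved path -> fingerprint for every name found on the search path."""
    result = {}
    for name in names:
        path = shutil.which(name, path=search_path)  # None -> use $PATH
        if path:
            result[os.path.realpath(path)] = fingerprint(path)
    return result

def compare(baseline, current):
    """Return sorted (path, reason) pairs for everything that differs."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing"))
            continue
        for field in old:
            if old[field] != new.get(field):
                findings.append((path, field + " changed"))
    findings += [(p, "not in baseline") for p in current if p not in baseline]
    return sorted(findings)

if __name__ == "__main__":
    # usage: script.py save manifest.json   |   script.py check manifest.json
    if len(sys.argv) == 3 and sys.argv[1] == "save":
        with open(sys.argv[2], "w") as out:
            json.dump(snapshot(), out, indent=1)
    elif len(sys.argv) == 3 and sys.argv[1] == "check":
        with open(sys.argv[2]) as src:
            baseline = json.load(src)
        for path, reason in compare(baseline, snapshot()):
            print(reason, path)
```

A check run on the suspect host itself relies on that host's kernel and libraries, so the result is most trustworthy when the script is run from known-good boot media against the mounted disk.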