And possibly you should think about "chatter" on files such as history files and the
like.
Also you may want to consider redirecting all log file messages specified in
/etc/syslog.conf to a remote system
for example:
Replace *.info;mail.none;news.none;authpriv.none
/var/log/messages
with this:
*.info;mail.none;news.none;authpriv.none
@remote_system_name
Additionally if NFS is used, automount will allow you to keep a record of who and when
people log on.
-----Mike
"W. Reilly Cooley" wrote:
> On Thu, Sep 07, 2000 at 04:19:38PM -0700, kort wrote:
> >
> > Reinstalling will fix any currently hacked services, but that
> > will just require the vandal to re-infect the system.
>
> Not necessarily. Only a complete wipe and re-install will. Otherwise,
> you need to use 'lsattr' to make sure that none of your files have
> the immutable bit set, which will cause trojaned binaries to not be
> overwritten.
>
> Wil
> --
> W. Reilly Cooley, Esq. [EMAIL PROTECTED]
>
> _______________________________________________
> Redhat-devel-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-devel-list
--
Michael Waite Mission Critical Linux
Senior Professional Services Consultant 100 Foot of John Street
978-606-0349 office Lowell, MA. 01852
978-376-4677 cell [EMAIL PROTECTED]
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
