Well, I promised to give an update on the ps -ef thing I had a few weeks ago
and also the timestamp problem. This is for those others out there who might
also be scratching their head as to what changed.
Essentially, if you remember, I was asking why when running ps -ef I seemed
to get a very short output that concentrated only on GETTY processes and
some others. I'm used to running ps -ef, not ps -aux, so it was strange to me
it would do this. I also couldn't seem to see processes such as identd which
run as 'nobody'. I could see them happily running in TOP but not ps -ef OR
ps -aux them. It was really strange.
Also, I noticed that when I created a file the timestamp of it was 4 hours
ahead. Somewhere in the sea just west of Bristol, England, I believe. Certainly
not East Coast US anyway. Didn't matter what I did with my clock, I couldn't
get the time stamp on files to be right.
Well, then I started looking a little closer and guess what I found...... I'm
sure most of you already know and someone out there specifically KNOWS! Yes,
I was hacked.
Someone dumped a root kit and Stacheldraht on my system.
So, those of you who are getting weird displays in ps -ef and strange file
times BEWARE.
It appears this happened very soon after an upgrade to 6.2, before any
significant patching and before I turned off all the services it turned back
on from my 6.1 system.
I learnt a thing or two in the last couple of weeks, thanks to all those
that helped me.
Thanks,
Chris
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
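
The symptom described in the post above (processes visible in top but missing from ps -ef) can be checked by comparing the PIDs present under /proc with the PIDs that ps prints. This is an added example, not part of the original post; the function names are hypothetical and the sample ps listing and PIDs are constructed.

```shell
# Added example: list PIDs that exist under /proc but are missing from ps output.
# Caveat: a kernel-level rootkit can hide /proc entries too, so run this with
# known-good binaries (rescue media or static copies), not the suspect system's.

# Print the PID column (field 2) of `ps -ef` output read from stdin.
pids_from_ps() {
    awk 'NR > 1 && $2 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# Print the numeric directory names under a proc-style directory (default /proc).
pids_from_proc() {
    for d in "${1:-/proc}"/[0-9]*; do
        if [ -d "$d" ]; then basename "$d"; fi
    done | sort -u
}

# hidden_pids PROC_FILE PS_FILE: PIDs in PROC_FILE but not in PS_FILE (both sorted).
hidden_pids() {
    comm -23 "$1" "$2"
}

# Constructed demo: fake /proc with PIDs 1, 412, 733; the ps listing omits 733.
demo_constructed() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/proc/1" "$tmp/proc/412" "$tmp/proc/733"
    pids_from_proc "$tmp/proc" > "$tmp/proc.pids"
    pids_from_ps > "$tmp/ps.pids" <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 10:02 ?        00:00:04 init
root       412     1  0 10:03 tty1     00:00:00 /sbin/mingetty tty1
EOF
    hidden_pids "$tmp/proc.pids" "$tmp/ps.pids"
    rm -rf "$tmp"
}

# Live check: snapshot /proc, run ps, then keep only PIDs that are still alive,
# so processes that simply exited between the two snapshots are not reported.
check_live() {
    tmp=$(mktemp -d) || return 2
    pids_from_proc /proc > "$tmp/proc.pids"
    ps -ef | pids_from_ps > "$tmp/ps.pids"
    hidden_pids "$tmp/proc.pids" "$tmp/ps.pids" |
        while read -r pid; do
            if [ -d "/proc/$pid" ]; then echo "$pid"; fi
        done
    rm -rf "$tmp"
}

if [ "${1:-}" = "--live" ]; then check_live; fi
```

Any PID printed by the live check is a process the kernel knows about that ps did not list, which is the mismatch the post describes.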