> >> > What the heck to I check?
In addition to what the others mentioned, run 'rpm -ya'.
It will verify all of your redhat package installed software against the
redhat MD5 signatures in the rpm database. It is kind of a primitive, yet
very effective, tripwire system. Read the manpage for details on the
flags.
It will report that the MD5 signatures have changed on several of your
config files, and those files will be a good place to look for anything
suscpicious. It will also report if any critical binaries (like sshd,
netstat, ps, and inetd) have been replaced with trojans.
thornton
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
