On Sun, 2002-02-24 at 07:47, Rupendra Singh wrote: > >> On 13:28 23 Feb 2002, Rupendra Singh <[EMAIL PROTECTED]> wrote: > >> Which files were getting changed? > > > > ls > > df > > free > > netstat > > ifconfig > > Mike Pelley wrote: > > > Boy. I'm willing to be that there might be some hacking going > > around... > > or i should start taking backups. am i being hacked really.
yes, really. Look at the attributes of those files: $ lsattr /bin/ls ------------- /bin/ls Modifications to the mode, size, or attributes of system binaries like 'ls' and 'netstat' are usually good indications that you've been hacked. Also, try verifying packages like 'fileutils' or 'net-tools': rpm -V fileutils If you have an FTP server, and haven't patched to the latest revision from Red Hat's errata, that was probably the point of entry.
signature.asc
Description: This is a digitally signed message part
