[TriLUG] Have I been compromised?
lfwelty
lfwelty at redback.com
Thu May 23 15:09:25 EDT 2002
Check your logs, check your backdated logs.
and
rpm --verify --all
would be a good start.
man rpm for details.
F.
Chris Merrill wrote:
>
> I've just read yet another story quoting that a default
> Red Hat installation placed on the Internet will be
> compromised within days.
>
> I have a RedHat 7.1 installation on TWC that has been
> up for more than a year. It is not a default installation,
> since I usually don't install anything that I don't need.
> But I also did not take any extraordinary security
> measures (other than IPchains for firewall...since the
> computer also acts as the gateway for other computers).
>
> I am running a few services:
> - Postfix
> - Apache
> - Mailman
> - Samba (only for brief times when I want to move files
> to/from a Windows box)
>
> I tried to turn off most other unneeded services.
> I occasionally (every 3-4 weeks) log in and check
> the logs to see if anyone else has logged in...but
> if they could get in, I would assume they would
> clean the logs.
>
> My question:
> How would I know if my system had been compromised?
>
> *********************************
> Chris Merrill
> cmerrill at nc.rr.com
> *********************************
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
--
------------------------------------------------------------------
Frank Welty | 15401 Weston Parkway, Suite 150
lfwelty at redback.com | Cary, NC 27513
Redback Networks | desk:919.678.2175 m: 919.264.7495
------------------------------------------------------------------
More information about the TriLUG
mailing list