On Thursday 28 February 2002 14:44, MindBender wrote:
This computer is mainly used as my Internet geteway I have ssh running for remote access and only one other person used that computer if you want to see the log file I can send it to you directly
Question 1; why do you think you've been cracked? Question 2; do you have chkrootkit installed? (see http://www.chkrootkit.org/) If you've got chkrootkit installed, does it report anything as infected? If you think chkrootkit might have been tampered with (as all local files are under suspicion), have you downloaded a new copy of chkrootkit and installed and run it? (or run chkrootkit -p /<path of a trusted binary>) Question 3; have you considered running tripwire or COPS, or similar integrity-verification stuff? And the big question: Question 4; when did you last make any backups? If you have a good reason to believe that your system has been compromised, then it's time to wipe the drive and restore from backups, since any file could potentially be tampered with. Gideon.