* smorris@mindspring.com (smorris@mindspring.com) [27.07.99 09:14]:
You may wish to look into to packages, SWATCH and COPS. They monitor you system and will let you know of file changes.
By now I would say it´s too late to do this. If it was not only a script-kiddy (perhaps even then) he changed files on your system, installed some backdoors or root-kits and will be able to get into your box every time he wants - even without using an imap-exploit... You should get the machine off the net (if possible) and reinstall it (perhaps with a newer version). Balu PS: A fast (but not really secure) check of your system-files could be done with rpm using the verify-Option... (A "rookie" told me some time ago about this ;). PPS: Perhaps you should try to catch the hacker logged in and just ask him, how he did it. I did this some time ago and was surprised what a nice guy he was (and excused me for getting him off the machine right now ;)