Ryan Pugatch wrote: > Christopher Chan wrote: > >> Scott Ehrlich wrote: >> >>> There is a lot of talk about the vulnerable Linux kernel. I'm simply >>> wondering the telltale signs if a given system has been hacked? >>> What, specifically, does a person look for? >>> >>> >> rpm -Va is a good start for modified binaries/libraries. >> rootkit detectors is another thing you can try. >> >> >> Other than that, it is checking your logs and looking for odd files >> lying around... >> >> > > > Also, processes running that you don't recognize. Users you don't > recognize. Logged in sessions that you don't recognize. Free space > shrinking abnormally. An increase in bandwidth usage that is unexpected. > Yeah...one should not assume that those will be hidden by rogue libraries/binaries. Not every case will be taken that far or unspotted before it gets that far. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos