Peeps Just had a look at yesterdays logwatch mail and noticed that someone has logged in as root via ssh 6 times from the IP address of the place I work. I don't think it's been done maliciously, more of a 'look what i did <laugh, laugh>'. I have looked at /var/log/secure and there's no evidence in there about it so it looks like theyve covered their tracks. Does anyone know how I can find out what they did and how to prevent stuff like this happening again (yes - Ive already changed the password). Ive already looked at the bash history file with no luck Thanks A slightly worried Jeff -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
