> Okay, so I looked into the /tmp directory and found ./shell.pl and ./.x. [snip - lots of investigation goodness] > I also plan to segment the network so that even if the webserver is > compromised the perp cannot sniff the rest of the network traffic and > steal passwords/data. At least, that's how I think it would work. It sounds like you have an excellent handle on things now. One other thing I would suggest would be that if you install cacti on the new server you should edit your httpd.conf and restrict access to it and it's subdirectories to add another layer of protection. Really, anything that isn't for the general public ought to be restricted, of course. Eris Caffee -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
