RE: ssh-scan

Thanks for the replies.  Chkrootkit works really well and is easy to use
but didn't find anything.

I did find however scan.tgz, relaycheck.pl, a sendmail directory in /tmp
with references to ebay, 60,000 entries in mailq and more.

There were 60-odd processes called 'brute' which had a parameter of
'100'!

Cleaned it all up (which seems to have stemmed the $200/hr internet/data
bill) and will probably rebuild later in the week.


Thanks
Greg







-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of John van Zantvoort
Sent: Monday, 8 May 2006 6:39 PM
To: General Red Hat Linux discussion list
Subject: Re: ssh-scan

Greg,

The two needn't be related, but as Karl suggested, checking your system and
beefing up security seems prudent. Also, if your system is connected to a
local network, see if any security scans are done.

For me, checking my own security through e.g. nessus, nmap, chkrootkit
helped identify security flaws that were a result of (my) poor
installation skills or someone else's doing before anyone else found
them. Regularly checking your own security is good practice anyway.

If you really need ssh access try looking at
http://chrootssh.sourceforge.net/ this way you can limit access to a
system through use of a chrooted login.

--
Met vriendelijke groeten/with kind regards

        John van Zantvoort

---

Paranoia is simply an optimistic outlook on life.

GCM d- s+:+ a- C+ UL+++ P+++ L++ E--- W++ N+ o K-
w-- O- M- V- PS+ PE- Y+ PGP+ t+ 5 X- R- tv b+ DI++
D+ G e h- r++ y+

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
