Perhaps this is after the fact( if it was hacking) but might prevent future problems. You could install tripwire which is located on disk #3. It does take some time to decide how secure you wish to make your installation but does an excellent job, IMHO, of monitoring critical system files for any type of tampering. Another preventative measure is to not use telnet, rsh, rexec, or other non-secure methods of communication, disable any ports and services which are not essential system, keep your root password safe and use 'sudo' to perform maintenance duties since it keeps a log of commands run. Good luck....DT
