Hi Michelle, > Do I need to worry about this?
yes, it's not normal. Go to /root and do an "ls -als". Check if there is a .bashrc file (note the leading dot). If so, then take a look at it and rename it to something different if you didn't put it there. I'm just working on a hacked RaQ3 of a customer. He had been hit by the "aliens" rootkit and also had a .bashrc in place which disabled keytroke logging for the root user. Speaking of logging: They had a nifty tool in place which logged usernames and passwords in plain text of anyone who logged in to any service. Scary stuff. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
