On Fri, Nov 12, 1999 at 05:39:01PM -0500, Kevin Heath wrote: >[...] > I'm probably forgeting lots of things.
Yup--you should probably first install the debsums package to see what files don't match their original checksum: "debsums -sa 2>&1 |tee -a dubsum.log" Also, make sure root's .profile, .bash_profile, .cshrc, etc. don't have and malicious commands and have reasonable PATH's and umask's Also check root's crontab, .forward, and .procmailrc's, and "/etc/cron.*/*"'s. You should actually do the same for your user account as well--since a password grabber might be set-up to try and catch you su'ing. HTH, -Kevin
