rpm -qf `which ps` rpm -V rpmfromabovecommand rpm -qf `which ls` rpm -V rpmfromabovecommand if these are compromised from a root kit you should install the rpm's using rpm -ivh --replacefiles procps-2.0.6-12mdk.i386.rpm this will clean out the root kit with new files. if you suspect that rpm has been messed with, then boot with your boot and rescue disks, mount the root partition on /mnt/tmp and use the rescue disk to fix/replace the rpm command. Then fix everything else. Also, until you fix your security, keep your system off the net except to get any files you need. Now you want to read the security howto, check into bastille-linux if you want to do it in a hurry, and add portsentry (look it up on http://freshmeat.net). You should also get nmap (also on freshmeat) and use it on your system to see where you are vulnerable. Tom Berkley "Bob Puff@NLE" wrote: > > Hello, > > In the close inspection I've been giving my machine since it was hacked, > I see that there was a 100kbit/sec upload averaged over 5 minutes.. that > is a lot of data. I don't see any new files to account for this, and > suspect the hacker might have uploaded something naughty. > > Question: how do I do a locate (whereis), based on date? What I want to > do is display ALL files that have been created or modified SINCE a > certain date.. like 2 days ago. > > It would be real nice if the resulting output could give the entire > pathname to each file. > > I tried messing with some switches in the FIND command, but it didn't > work. > > Thanks. > > Bob > > P.S. Please CC messages directly to me also: [EMAIL PROTECTED] > > ------------------------------------------------------------------------ > Keep in touch with http://mandrakeforum.com: > Subscribe the "[EMAIL PROTECTED]" mailing list.
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
