> >Hi All, > > We are using RHL 6.2 as proxy server. The proxy software is Squid. > It is giving some problems on dual processor intel machine. > We are facing some problems with security. We found some entries > in /etc/passwd file with uid 0. I found the originating ip address. If you are sure what you say, your box has been comparmised and root kit has been installed. Take off the box from the net and check througly or else it might be used launch some seroius attack on other servers. If possible format hard disk and reinstall with due attention to security. > Is it possible to find which country or ISP it belongs. ( I tried with > nslookup and it is not able to find.) You may .. try whois try traceroot But better make your machine full proof. No point in chasing ISP/IP. > > What are the security holes can linux have? Any pointers? Some one has posted some good sites on this list, check archieves. > > TIA, > Sambaiah Kilaru. > > >---------------------------------------------- >An alpha version of a web based tool to manage >your subscription with this mailing list is at >http://lists.linux-india.org/cgi-bin/mj_wwwusr > ---------------------------------------------- An alpha version of a web based tool to manage your subscription with this mailing list is at http://lists.linux-india.org/cgi-bin/mj_wwwusr
