Hi Karthik,

The command for seeing who was logged into your machine is "last" and to see who is
logged in, it is "w" or "who". I always forget which of these two it is and right now
am not at my Linux computer to check.

Concerning your other question (could the box behaving strangely be affected by a
virus and are all processes showing up in "ps aux"): I agree with Richard (who
wouldn't?) that it is improbable that you have caught a virus, but if the box hangs on
an insecure internet connection (insecure as in "in any way exploitable", especially
if it is a 24/7 connection with a static IP) you could have been rooted. That could
mean that a cracker has taken over the box and exchanged common programs for patched
versions with malicious functions (e.g. attacking other machines on the web). These
would show up normally in ps aux and top and perhaps even execute their normal
functions if invoked, but possibly also their malicious functions.

I'd go to the box, yank out its net connection physically, shut it down and then
reboot it from the install media or a floppy distribution. Then I'd compare the sizes
and checksums of common programs in /bin, /sbin, /usr/bin, /usr/X11R6, /root and so on
with those on the install media. I'd look for shell scripts that you didn't put there
yourself. This last thing is improbable to bring up something if the attacker has had
time to clean up after the deed, but you never know, it could have been some naive
script kiddie.

HTH, and read the "Cracked!" series on www.rootprompt.org !

Bye, Christoph

Karthik Vishwanath <[EMAIL PROTECTED]> wrote:
>Hi,
>
>
>How must I check if there has been access to my machine, and from where it
>came?
>
--
This is not here.
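
The size-and-checksum comparison suggested in the reply above, as an added example that is not part of the original message. It assumes the suspect disk is mounted read-only under a rescue system and that a trusted, unpacked copy of the same release's files is available as a reference tree; the function names and the sample trees are constructed for illustration.

```shell
# Added example. Run it from the rescue media so that sha256sum and find
# are trusted copies rather than the ones on the suspect disk.
# compare_tree SUSPECT_ROOT REFERENCE_ROOT DIR...
# Prints one line per finding; returns 0 if clean, 1 otherwise.
compare_tree() {
    suspect=$1; reference=$2; shift 2
    found=0
    list=$(mktemp)
    for dir in "$@"; do
        # Pass 1: every file in the trusted tree must exist unchanged.
        find "$reference/$dir" -type f 2>/dev/null | sort > "$list"
        while IFS= read -r ref; do
            rel=${ref#"$reference"/}
            sus=$suspect/$rel
            if [ ! -f "$sus" ] || [ -L "$sus" ]; then
                # Absent, or swapped for a symlink or other non-regular file.
                echo "MISSING_OR_REPLACED $rel"; found=1
            elif [ "$(sha256sum < "$ref")" != "$(sha256sum < "$sus")" ]; then
                echo "MODIFIED $rel ($(($(wc -c < "$ref"))) -> $(($(wc -c < "$sus"))) bytes)"
                found=1
            fi
        done < "$list"
        # Pass 2: files on the suspect disk that the trusted tree lacks,
        # e.g. scripts nobody remembers putting there.
        find "$suspect/$dir" -type f 2>/dev/null | sort > "$list"
        while IFS= read -r sus; do
            rel=${sus#"$suspect"/}
            [ -f "$reference/$rel" ] || { echo "EXTRA $rel"; found=1; }
        done < "$list"
    done
    rm -f "$list"
    return "$found"
}

# Constructed sample trees standing in for the install media and the disk.
build_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/media/bin" "$d/disk/bin"
    echo "genuine ls" > "$d/media/bin/ls"; cp "$d/media/bin/ls" "$d/disk/bin/ls"
    echo "genuine ps" > "$d/media/bin/ps"
    echo "patched ps with extras" > "$d/disk/bin/ps"
    echo '#!/bin/sh' > "$d/disk/bin/.x.sh"
    echo "$d"
}

demo=$(build_demo)
compare_tree "$demo/disk" "$demo/media" bin sbin || echo "differences found, investigate"
rm -rf "$demo"
```

A matching checksum only means something if the reference tree and the checksum tool both come from media the intruder could not have touched.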