Hi there, use this checklist:

http://www.linuxforum.com/forums/index.php?showtopic=14077

I would suggest you assume that you have a system that is more compromised than you initially thought. Work through the checklist described in the link shown above.

Firewalls aren't necessarily useless ... in combination with a firewall you can do the following (generically speaking):

- always read security updates related to the specific sets of applications|code you run
- update your system religiously
- limit the amount of change on the system by confining users to a limited set of usable commands (check setuid|setgid bits and general permissions)
- disable compilation of any kind of source by *anyone*, and if you need to compile anything then install a compiler, do what you need to do and get rid of it
- run automated tasks that notify you of change on your system and become very familiar with patterns of change so you can spot something out of the ordinary... this is a big ask, especially if you have a very dynamic system, but it's worth doing to help you react quickly
- run automated tasks that notify you of attempts to access your system 'legitimately' and see who is accessing what and when
- try and break into your own system ;)
- about a hundred more things.......

All of the above may seem overkill to some, but believe me it is worth it, if only as a learning exercise... initially the effort seems to be a lot, but once you're doing the above things it only takes 5-10 minutes a day of reading some logs|reports and giving the system an occasional once-over to maintain a modicum of security.

Also - Jim made a good point about using the last known good copy of your system to rebuild - which is CD install + backups of data.

Good luck.

-Abhinav
