yes of course you have to look at your logs and your root _history_, use tripwire for file integrity/inventory to confirm that you are really compromised, and configure your syslogd to dump your logs on the other box (man syslogd & man syslog.conf).
to answer your question, back up all the important files on your box and then try to monitor your box. if you have a dmz box, try to sniff what the script kiddiez are doing.

macky wrote:
>
> can anyone tell me the most common steps to be taken to know if someone has
> taken over your system?
> definitely first thing to look at is the LOGS.. am i right? :)
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]

--
Jimmy B. Lim
Operation & Support Team Leader
Tricom
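
Added example, not part of the original message and not Tripwire's own code: a simplified Tripwire-style file integrity check that records a baseline of hashes, permissions and owners, then reports what was added, removed or changed. The function names `snapshot`, `compare` and `demo` and the sample tree are constructed for illustration; as with the remote syslog advice above, the baseline is only trustworthy if it is stored on another box.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256, permission bits, uid, gid)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, devices, sockets
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or vanished while scanning
            rel = os.path.relpath(path, root)
            result[rel] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return result

def compare(baseline, current):
    """Report paths added, removed, or changed (content, mode or owner)."""
    old, new = baseline.keys(), current.keys()
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }

def demo():  # constructed sample tree: baseline, alter files, compare
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in {"bin/ls": b"v1", "etc/motd": b"hi", "etc/hosts": b"h"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
            (root / rel).chmod(0o644)
        baseline = snapshot(root)  # in practice, keep this copy on another box
        (root / "bin/ls").write_bytes(b"v2")   # content replaced
        (root / "etc/motd").chmod(0o666)       # permissions loosened
        (root / "etc/hosts").unlink()          # file deleted
        (root / "etc/.new").write_bytes(b"x")  # file added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```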
