There was a successful ssh attack on one of our boxes. We need to allow ssh access to those outside the organization. The attacker put a homegrown rootkit on the server. The rootkit was stopped, but since then ssh has been logging to /var/log/messages. The relevant configuration files I know about (/etc/ssh/sshd_config, /etc/ssh/ssh_config, /etc/syslog) are the same as a server that works. /var/log/secure is not getting any messages. What can I do to restore ssh to its previous state without reinstalling it?
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
