On Wed, 28 Aug 2002, Jonathan Johnson wrote:
> Dear Lewi (et al.),
>
> On Wed, 28 Aug 2002 22:10:06 +0700, Lewi <[EMAIL PROTECTED]>
> wrote:
>
> > I just checking whereis passwd place from, when I run this
> > # whereis passwd
<snip>
>
> Yes, this looks very wrong, so you may have been "rooted."
>
<snip>
>
> There is a rootkit sniffer that will search for known malicious code on
> a filesystem; I forget the name but it is documented on
> www.insecure.org.
chkrootkit highly recommended
If you think you've been hacked, re-install. Don't mess around with
trying to figure out what's been replaced or added and what hasn't.
--
***************************************************
.~. Jerry Winegarden
/ v \ OIT/Technical Support, Duke University
/( _ )\ [EMAIL PROTECTED], http://www-jerry.oit.duke.edu
^ ^
***************************************************
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
