Check your logs, check your backdated logs. and rpm --verify --all would be a good start.
man rpm for details. F. Chris Merrill wrote: > > I've just read yet another story quoting that a default > Red Hat installation placed on the Internet will be > compromised within days. > > I have a RedHat 7.1 installation on TWC that has been > up for more than a year. It is not a default installation, > since I usually don't install anything that I don't need. > But I also did not take any extraordinary security > measures (other than IPchains for firewall...since the > computer also acts as the gateway for other computers). > > I am running a few services: > - Postfix > - Apache > - Mailman > - Samba (only for brief times when I want to move files > to/from a Windows box) > > I tried to turn off most other unneeded services. > I occasionally (every 3-4 weeks) log in and check > the logs to see if anyone else has logged in...but > if they could get in, I would assume they would > clean the logs. > > My question: > How would I know if my system had been compromised? > > ********************************* > Chris Merrill > [EMAIL PROTECTED] > ********************************* > > _______________________________________________ > TriLUG mailing list > http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ: > http://www.trilug.org/~lovelace/faq/TriLUG-faq.html -- ------------------------------------------------------------------ Frank Welty | 15401 Weston Parkway, Suite 150 [EMAIL PROTECTED] | Cary, NC 27513 Redback Networks | desk:919.678.2175 m: 919.264.7495 ------------------------------------------------------------------ _______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
