also sprach Jeroen van Wolffelaar <firstname.lastname@example.org> [2005.02.07.0022 +0100]: > however, if you're not THAT paranoid, I think you can do with > locking down backup account, checking all files writeable by > backup (all files with recent ctime?), and places like /var/tmp, > /tmp, etc. Once an attacker is on the system, you cannot be sure anymore that you can track his/her actions down. Sophisticated root kits exist to cover all (!) traces. You can put another box in front of the suspect one and check whether any unexpected traffic flows. Use snort. Do that for an extended period of time. If you see anything suspicious, investigate, but don't hesitate. I would simply reinstall. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <email@example.com> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Description: Digital signature