Re: Security Breach: A zero byte file created in my home directory
On 2007-05-15 11:35:03 +0530, Deboo ^ wrote:
> I saw today that there's a zero byte file in my home dir with the name
> "Brendan" created yesterday but I couldn't search who created it or
> what was the command that created it etc from any log files.
Are you sure you haven't written something containing "> Brendan" in
a terminal (e.g. by pasting a selection by mistake, this sometimes
happens to me, and I get 0-byte file creation because of that)?
You can look at the history file of your shell, e.g. .bash_history if
it is bash.
> I did not have a firewall yet.
That's not very useful under Linux, unless you installed some unsecure
software or did something wrong with servers.
> I am testing postfix on and off but don't keep it online for more
> than a few minutes every time I test.
Or could this come from one of your tests?
> Can someone have used that to login to my system?
I'd say that such file creations are often user mistakes.
> And JUST now as I am posting this, that file is GONE. I did not delete
> it.
That's strange.
> Even with the firewall, someone is in my computer?
If someone entered your computer before you installed the firewall,
this could be too late (he could have installed a rootkit that
bypasses the firewall). You can try chkrootkit to see if a rootkit
was installed.
Another possibility is that you have run some program that did this
file creation and deletion.
--
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
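
Added example, not part of the original message: a shell function that scans history files for commands whose output redirection targets a given file name, which is the check suggested above for a stray "> Brendan". The function name `find_redirects` and the sample history lines are constructed for illustration; it assumes bash-style history, where a `#<epoch>` line precedes a command when HISTTIMEFORMAT is set.

```shell
#!/bin/sh
# find_redirects NAME HISTFILE...
# Prints "file:line:timestamp:command" for each history entry that redirects
# output to NAME (>, >>, >|, with or without a directory prefix or quotes).
# Heuristic: it does not parse shell syntax, so a quoted "> NAME" inside an
# argument is reported as well.
find_redirects() {
    name=$1; shift
    awk -v name="$name" -v q="'" '
        /^#[0-9]+$/ { ts = substr($0, 2); next }    # bash timestamp marker
        {
            rest = $0
            while ((p = index(rest, ">")) > 0) {
                rest = substr(rest, p + 1)
                tok = rest
                sub(/^[>|&]*[ \t]*/, "", tok)        # rest of >>, >|, >& and blanks
                sub(/[ \t;&|<>].*$/, "", tok)         # keep only the target word
                gsub("[\"" q "]", "", tok)            # drop quote characters
                sub(/^.*\//, "", tok)                 # drop any directory part
                if (tok == name) {
                    printf "%s:%d:%s:%s\n", FILENAME, FNR, (ts == "" ? "-" : ts), $0
                    break
                }
            }
            ts = ""                                   # a timestamp covers one command
        }
    ' "$@"
}

# Constructed sample history: line 4 is a pasted mail quote, which the shell
# runs as a redirection to the file "Brendan" followed by the command "wrote:".
demo_hist=$(mktemp)
printf '%s\n' \
    '#1179208503' \
    'ls -l' \
    '#1179208560' \
    '> Brendan wrote:' \
    'echo hi >Brendan.txt' \
    'cat x 2>&1 | grep Brendan' \
    'date >> ~/Brendan' > "$demo_hist"
find_redirects Brendan "$demo_hist"
rm -f "$demo_hist"
```

On a real system the call would be `find_redirects Brendan ~/.bash_history`; commands typed in a shell that is still open may not have been written to the history file yet.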