Re: Security Breach: A zero byte file created in my home directory
On 2007-05-15 08:48:44 -0700, Andrew Sackville-West wrote:
> If you're already compromised, chkrootkit won't do you any good as it
> could be compromised too.
Perhaps reboot the machine in single user (in case a rootkit is run
from the init files), check the ctime of chkrootkit, and if it is OK,
this means that it hasn't been compromised.
> I recommend you take the machine offline and monitor it for more
> similar activity. If the activity occurs while offline, its probably
> your doing, at not someone else's.
If some daemon has been installed, there could be some activity...
--
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Reply to: