[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security Breach: A zero byte file created in my home directory

On 2007-05-15 08:48:44 -0700, Andrew Sackville-West wrote:
> If you're already compromised, chkrootkit won't do you any good as it
> could be compromised too.

Perhaps reboot the machine in single user (in case a rootkit is run
from the init files), check the ctime of chkrootkit, and if it is OK,
this means that it hasn't been compromised.

> I recommend you take the machine offline and monitor it for more
> similar activity. If the activity occurs while offline, its probably
> your doing, at not someone else's.

If some daemon has been installed, there could be some activity...

Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)

Reply to: