[CentOS] How to tell if I've been hacked?
Ryan Pugatch
rpug at tripadvisor.com
Wed Aug 19 03:22:49 UTC 2009
Christopher Chan wrote:
> Scott Ehrlich wrote:
>> There is a lot of talk about the vulnerable Linux kernel. I'm simply
>> wondering the telltale signs if a given system has been hacked?
>> What, specifically, does a person look for?
>>
>
> rpm -Va is a good start for modified binaries/libraries.
> rootkit detectors is another thing you can try.
>
>
> Other than that, it is checking your logs and looking for odd files
> lying around...
>
Also, processes running that you don't recognize. Users you don't
recognize. Logged in sessions that you don't recognize. Free space
shrinking abnormally. An increase in bandwidth usage that is unexpected.
Ryan
More information about the CentOS
mailing list