[CentOS] How to tell if I've been hacked?

Eduardo Grosclaude eduardo.grosclaude at gmail.com
Wed Aug 19 11:03:24 UTC 2009


On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell<centos at celestial.com> wrote:
> You cannot trust tools like ``ps'', ``find'', ``netstat'', and
> ``lsof'' as these are frequently replaced by ones that are
> modified to hide the cracker's work.

As a corollary, the only safe way to audit a suspected system is
booting your diagnostic tool from known good media (e.g. try a security
Live CD distro).

-- 
Eduardo Grosclaude
Universidad Nacional del Comahue
Neuquen, Argentina
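
Added example, not part of the original post: one way to check the tools named above from trusted live media, by hashing them on the suspect disk (mounted read-only) against a known-good manifest. The function name audit_root, the manifest format and the demo paths are assumptions made for illustration; the demo tree is constructed.

```shell
#!/bin/sh
# Added example. Run from trusted live media with the suspect disk mounted
# read-only; the sha256sum used is then the live system's, not the suspect's.
# Manifest format (assumption): sha256sum output, paths relative to the root,
# generated earlier from a known-good install of the same package versions.

# audit_root ROOT MANIFEST: print one finding per line, return 1 if any.
audit_root() {
    root=$1 manifest=$2 status=0
    while read -r want path; do
        case $want in ''|'#'*) continue ;; esac   # skip blanks and comments
        file="$root/$path"
        if [ -L "$file" ]; then
            # Never follow: an absolute link would resolve on the live system.
            # Reported for manual review against the known-good install.
            echo "SYMLINK $path -> $(readlink "$file")"; status=1
        elif [ ! -f "$file" ]; then
            echo "MISSING $path"; status=1
        elif [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$want" ]; then
            echo "MODIFIED $path"; status=1
        fi
    done < "$manifest"
    return "$status"
}

# Constructed demo: a stand-in "suspect root" with placeholder file contents.
demo=$(mktemp -d)
mkdir -p "$demo/root/bin" "$demo/root/usr/sbin"
for f in bin/ps bin/netstat usr/sbin/lsof; do
    printf 'known-good %s\n' "$f" > "$demo/root/$f"
done
( cd "$demo/root" && sha256sum bin/ps bin/netstat usr/sbin/lsof ) > "$demo/manifest"

# Simulate the three ways a tool can differ from the manifest.
printf 'altered\n' > "$demo/root/bin/ps"
rm "$demo/root/bin/netstat"
ln -sf /bin/true "$demo/root/usr/sbin/lsof"

audit_root "$demo/root" "$demo/manifest" || echo "audit failed: tools differ from manifest"
```

The manifest has to come from somewhere other than the suspect machine, otherwise it is no more trustworthy than the binaries it describes.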


