[CentOS] How to tell if I've been hacked?
Geoff Galitz
geoff at galitz.org
Fri Aug 21 15:22:38 UTC 2009
>
> Also processes you think you DO recognize:
> Just for testing how alert my co-workers were, I had a program called
> "kswapd", just calculating prime-numbers...
> They never noticed. ;-)
>
> Without any preparation it's harder. No point in installing tripwire,
> activating apparmor/selinux afterwards.
> Those things should be done after a fresh installation.
Indeed. I once found a gdm binary that had been subverted. I'm certain
that would fly below the radar of many organizations.
---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/
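
A defensive check for the masquerading case discussed in this thread (a userland program named like the kernel thread kswapd), added here as an example and not part of the original messages. It relies on the fact that real kernel threads have no address space, so their /proc/PID/status has no VmSize line; the function names, the name list in KTHREAD_RE and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag userland processes that carry a kernel-thread name.
# A real kernel thread has no user address space, so its /proc/PID/status
# contains no VmSize line. A userland process always has one.

# Names that should only ever belong to kernel threads (assumed list; extend it).
KTHREAD_RE='^(kswapd|ksoftirqd|kthreadd|kjournald|khelper|kworker|pdflush)'

# find_fake_kthreads [PROC_ROOT]
# Prints "PID NAME" for every process whose name looks like a kernel thread
# but which owns user memory. PROC_ROOT defaults to /proc.
find_fake_kthreads() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        status=$dir/status
        [ -r "$status" ] || continue          # process exited or unreadable
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$status" | head -n 1)
        printf '%s\n' "$name" | grep -Eq "$KTHREAD_RE" || continue
        # A VmSize line means the task has an mm, i.e. it is a userland process.
        if grep -q '^VmSize:' "$status"; then
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
}

# make_sample_proc DIR
# Builds a constructed /proc-like tree (not real system output):
#   35   = genuine kernel thread kswapd0 (no VmSize)
#   4242 = userland program named "kswapd" (has VmSize)
#   900  = ordinary daemon, name not on the list
make_sample_proc() {
    mkdir -p "$1/35" "$1/4242" "$1/900"
    printf 'Name:\tkswapd0\nPid:\t35\nPPid:\t2\n' > "$1/35/status"
    printf 'Name:\tkswapd\nPid:\t4242\nPPid:\t1\nVmSize:\t    2048 kB\n' > "$1/4242/status"
    printf 'Name:\tsshd\nPid:\t900\nPPid:\t1\nVmSize:\t    8000 kB\n' > "$1/900/status"
}
```

On a live host, call `find_fake_kthreads` with no argument. A kernel-level rootkit that filters /proc will not be caught by this check.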