[CentOS] How to tell if I've been hacked?

Magnus Holmström magnus.holmstrom at gmail.com
Thu Aug 20 22:59:51 UTC 2009

Check for failed logins in /var/log/messages

Check if the /etc/passwd file have been changed

Use commands like last, w and uptime.

2009/8/19 Eduardo Grosclaude <eduardo.grosclaude at gmail.com>

> On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell<centos at celestial.com>
> wrote:
> > You cannot trust tools like ``ps'', ``find'', ``netstat'', and
> > ``lsof'' as these are frequently replaced by ones that are
> > modified to hide the cracker's work.
> As a corollary, the only safe way to audit a suspected system is
> booting your diagnostic tool from known good media (eg try a security
> Live CD distro)
> --
> Eduardo Grosclaude
> Universidad Nacional del Comahue
> Neuquen, Argentina
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20090821/c44e2b94/attachment.html>

More information about the CentOS mailing list