[CentOS] How to tell if I've been hacked?
magnus.holmstrom at gmail.com
Thu Aug 20 22:59:51 UTC 2009
Check for failed logins in /var/log/messages
Check if the /etc/passwd file have been changed
Use commands like last, w and uptime.
2009/8/19 Eduardo Grosclaude <eduardo.grosclaude at gmail.com>
> On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell<centos at celestial.com>
> > You cannot trust tools like ``ps'', ``find'', ``netstat'', and
> > ``lsof'' as these are frequently replaced by ones that are
> > modified to hide the cracker's work.
> As a corollary, the only safe way to audit a suspected system is
> booting your diagnostic tool from known good media (eg try a security
> Live CD distro)
> Eduardo Grosclaude
> Universidad Nacional del Comahue
> Neuquen, Argentina
> CentOS mailing list
> CentOS at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS