[CentOS] How to tell if I've been hacked?

Fri Aug 21 15:00:18 UTC 2009

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Ryan Pugatch
Sent: Wednesday, August 19, 2009 5:23 AM
To: CentOS mailing list
Subject: Re: [CentOS] How to tell if I've been hacked?

Christopher Chan wrote:
> Scott Ehrlich wrote:
>> There is a lot of talk about the vulnerable Linux kernel.   I'm
simply
>> wondering the telltale signs if a given system has been hacked?
>> What, specifically, does a person look for?
>>   
> 
> rpm -Va is a good start for modified binaries/libraries.
> rootkit detectors is another thing you can try.
> 
> 
> Other than that, it is checking your logs and looking for odd files 
> lying around...
> 

Also, processes running that you don't recognize.  Users you don't
recognize.  Logged in sessions that you don't recognize.  Free space
shrinking abnormally.  An increase in bandwidth usage that is
unexpected.

Ryan

Also processes you thinkk you DO recognize:
Just for testing how alert my co-workers were, i had a program called
"kswapd", just calculating prime-numbers...
They never noticed. ;-)

Without any preperation it's harder. No point in installing tripwire,
activating apparmor/selinux afterwards.
Those things should be done after a fresh installation.

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.