[CentOS] How to tell if I've been hacked?

Geoff Galitz geoff at galitz.org
Fri Aug 21 15:22:38 UTC 2009

> Also processes you thinkk you DO recognize:
> Just for testing how alert my co-workers were, i had a program called
> "kswapd", just calculating prime-numbers...
> They never noticed. ;-)
> Without any preperation it's harder. No point in installing tripwire,
> activating apparmor/selinux afterwards.
> Those things should be done after a fresh installation.

Indeed.  I once found a gdm binary that had been subverted.  I'm certain
that would fly below the radar of many organizations.

Geoff Galitz
Blankenheim NRW, Germany

More information about the CentOS mailing list