Christopher Chan wrote: > Scott Ehrlich wrote: >> There is a lot of talk about the vulnerable Linux kernel. I'm simply >> wondering the telltale signs if a given system has been hacked? >> What, specifically, does a person look for? >> > > rpm -Va is a good start for modified binaries/libraries. > rootkit detectors is another thing you can try. > > > Other than that, it is checking your logs and looking for odd files > lying around... > Also, processes running that you don't recognize. Users you don't recognize. Logged in sessions that you don't recognize. Free space shrinking abnormally. An increase in bandwidth usage that is unexpected. Ryan