Quoting Marcel Weber ([EMAIL PROTECTED]):

> But what made me shudder was this: In the /tmp folder I found these files:
>
> drwx------ 2 root root 48 Aug 10 19:36 Ib2KZi
> drwx------ 2 root root 88 Jan 3 06:12 MF2oMw
> drwx------ 2 root root 48 Aug 11 16:32 S0oNze
> srwxr-x--- 1 root root 0 Aug 10 20:32 fileCOpZW0
> -rw-r--r-- 1 root root 11 Aug 10 20:10 fileXVutPe
> drwx------ 2 root root 48 Aug 10 19:37 nYBXvZ
>
> And in the /tmp/MF20Mw folder this one (I attached it to the posting):
>
> -rw------- 1 root root 8192 Aug 10 19:33 L8823-7955TMP.txt.gz
>
> Is this a leftover from an attempt to hack my system?

Highly unlikely.  Attackers know that /tmp isn't an out-of-the-way
place.  Admins and other users look there all the time.  Intruders tend
to hide things away in places like boring-sounding subdirectories of
/dev.

Speaking of that:  I'll bet that, if you looked around in /tmp more
often, you'd see lots of temporary files and directories like that, from
time to time -- especially after installing and building software.

> How can I check what happened and if the attacker succeeded?

Read the advisories from your well-tuned IDS.  ;->
http://linuxgazette.net/issue98/moen.html

-- 
Cheers,              "A raccoon tangled with a 23,000 volt line, today.  The results
Rick Moen            blacked out 1400 homes and, of course, one raccoon."
[EMAIL PROTECTED]                                         -- Steel City News
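
A triage pass over the listing quoted above, as an added example that is not part of the original post or reply: it parses each `ls -l` line and flags the properties that would make a /tmp entry worth a closer look. The flag set and the six-character temp-name heuristic are assumptions of this example.

```python
import re
import stat

# The listing quoted in the post, copied as posted.
LISTING = """\
drwx------ 2 root root 48 Aug 10 19:36 Ib2KZi
drwx------ 2 root root 88 Jan 3 06:12 MF2oMw
drwx------ 2 root root 48 Aug 11 16:32 S0oNze
srwxr-x--- 1 root root 0 Aug 10 20:32 fileCOpZW0
-rw-r--r-- 1 root root 11 Aug 10 20:10 fileXVutPe
drwx------ 2 root root 48 Aug 10 19:37 nYBXvZ
"""
TYPES = {"d": "directory", "s": "socket", "-": "regular file", "l": "symlink",
         "p": "fifo", "c": "char device", "b": "block device"}
# Assumption (heuristic): a name ending in six random alphanumerics looks like
# the output of an mkstemp()/mkdtemp()-style "XXXXXX" template.
TEMP_NAME = re.compile(r"[A-Za-z0-9]{6}$")
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

def mode_bits(perm):
    """Convert the nine permission characters of ls -l into mode bits."""
    bits = 0
    for i, ch in enumerate(perm):
        if ch in "rwxst":        # lower-case letter: the r/w/x bit itself is set
            bits |= 1 << (8 - i)
        if ch in "sStT":         # setuid, setgid or sticky, by position
            bits |= SPECIAL.get(i, 0)
    return bits

def triage(line):
    """Classify one ls -l line and list the properties worth a second look."""
    f = line.split()
    kind, perm, owner, name = f[0][0], f[0][1:10], f[2], f[-1]
    mode = mode_bits(perm)
    flags = []
    if mode & (stat.S_ISUID | stat.S_ISGID):
        flags.append("setuid/setgid")
    if mode & stat.S_IWOTH:
        flags.append("world-writable")
    if kind == "-" and mode & 0o111:
        flags.append("executable file")
    if kind in ("c", "b"):
        flags.append("device node outside /dev")
    return {"name": name, "type": TYPES.get(kind, "unknown"), "owner": owner,
            "mode": oct(mode), "temp_style": bool(TEMP_NAME.search(name)),
            "flags": flags}

if __name__ == "__main__":
    for entry in LISTING.splitlines():
        print(triage(entry))
```

Every entry in the posted listing comes back root-owned with an empty flag list and a temp-style name.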