Mayba, I can add my comments here. recently, a kernel bug exploited and linux kernel developers patched it already. ptrace-kmod exploit. A local user can run suid shell with just using an exploit. Maybe hacking -- if there is-- may be done via this too.
But, according to me too, backups are good evidences and they are the way of saving your data.. sincerely. > hmmm kernel ? > > now you can start your (re)search > > I don't think you'll find a lot in your logfiles because the are > "cleaned" anyway.... > > grtnx, > Robbert Helling. > > At 17:26 7-5-2003, you wrote: > > > Check the shell history file of team1 user... > > if exists > > > > > >On (07/05/03 14:51), Ian Goodall wrote: > > > I am running a debian woody server and when I checked the last users > > > yesterday I a large number of logins in the list. On running the command > > > today I get the following: > > > > > > dev1:/home/ian# last > > > ian pts/0 172.16.3.195 Wed May 7 14:49 still logged in > > > team1 pts/0 blue99.ex.ac.uk Wed May 7 13:21 - 13:57 (00:35) > > > > > > I have run chkrootkit but nothing was found. > > > > > > I have never had this before. Am I being paranoid or is someone trying to > > > cover up their tracks? > > > > > > Thanks > > > > > > ijg0 > > > > > > > > > > > > -- > > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > > > > > >-- > >Bueno, Felippe > ><[EMAIL PROTECTED]> > > > > > >-- > >To UNSUBSCRIBE, email to [EMAIL PROTECTED] > >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]