>If you're running a Red Hat system, that was probably put there by
>linuxconf itself, which is probably running out of a startup entry like
>/etc/rc.d/rc3.d/S99linuxconf -> ../init.d/linuxconf. In which case, it's
>not cause for alarm.
I think you are right, since I checked into its security, and it was still
set up to only allow localhost. Probably not a problem. Just strange that
it got appended after I last appended something and after a security breach.
>Also, if you're running Red Hat, you might want to use rpm to verify all
>packages against the installation CD.
I did that, and very little asside from a large chunk of /etc came up
different. But isn't this also prone to problems if rpm was hacked? I
guess I could re-install rpm and then do it, but I think that all things
considered, I'll just wipe and re-install. I'll sleep better.
Thanks for the help,
John