Go to http://www.chkrootkit.org and download their chkrootkit.tar.gz file.
Next, unhook your system from the network.  Then, untar it, compile, and
see which files seem to be compromised.  Attempt to replace these files.

However, if you've truly been hacked, your best bet is to:

A) Back up any data you want saved.
B) Reformat and reinstall (and if you're not running RH7, yet, you might
want to install RH7, since it makes this next step a lot easier)
C) Keep up with all the errata and updates for your OS. (RH7 comes with
"The RedHat Network", with which you can automate the process)

On Fri, 16 Feb 2001, Ed Lazor wrote:

> Someone hacked into one of my systems and I can see them running
> stuff.  They seem to have a rootkit installed, because nothing shows up
> under who or w.  Is there anything I can do to trace them while they are
> doing this stuff to catch them?
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
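
Added example, not part of the original message and not chkrootkit's own code: a small shell triage of saved chkrootkit output that lists which checks came back INFECTED, so you know which binaries to replace. The "Checking `name'... RESULT" line format is an assumption, and the sample output is constructed.

```shell
#!/bin/sh
# Triage helper for chkrootkit output (added example).
# Assumption: each result line looks like
#   Checking `ls'... INFECTED
#   Checking `ps'... not infected
# Feed it a saved report, ideally one written to read-only or removable
# media while the box is off the network.

# Print the name of every check whose result contains INFECTED.
# "not infected" is lowercase, so the case-sensitive match skips it.
infected_checks() {
    sed -n "s/^Checking \`\([^']*\)'\.\.\..*INFECTED.*/\1/p"
}

# One-line summary: how many checks ran and how they came out.
# "other" covers results such as "not found" or "not tested".
summarize() {
    awk '
        /^Checking / {
            total++
            if ($0 ~ /INFECTED/)          infected++
            else if ($0 ~ /not infected/) clean++
            else                          other++
        }
        END {
            printf "checked=%d infected=%d clean=%d other=%d\n",
                   total, infected, clean, other
        }
    '
}

# Constructed sample report, for illustration only.
sample_output() {
cat <<'EOF'
Checking `ifconfig'... INFECTED
Checking `ls'... INFECTED
Checking `netstat'... not infected
Checking `ps'... INFECTED
Checking `tcpd'... not found
EOF
}
```

With a saved report, `infected_checks < report.txt` prints one check name per line and `summarize < report.txt` prints the totals.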


