Hello,
Im running several servers all ranging from FBSD 4.11 through the 5.4 release
, patched of course. MY question is how do i check a system to see if has been
compromised ? I have already run a current version chkrootkit found nothing.
The symptom im seeing is yesterday all of a sudden the
At 08:40 Wed 28 Jun 2006, Brent wrote:
The symptom im seeing is yesterday all of a sudden the root user was removed
from the /etc/passwd file Im not sure on how to track down what happened. I
managed to recover from this. Are there any other tools that i can use to
track down say who did
In response to Brent [EMAIL PROTECTED]:
Hello,
Im running several servers all ranging from FBSD 4.11 through the 5.4 release
, patched of course. MY question is how do i check a system to see if has been
compromised ? I have already run a current version chkrootkit found
nothing.
You need
Brent wrote:
Hello,
Im running several servers all ranging from FBSD 4.11 through the 5.4 release
, patched of course. MY question is how do i check a system to see if has been
compromised ? I have already run a current version chkrootkit found nothing.
There isn't a simple answer to that,