[Gllug] compromised?
Leigh Mason
leigh at silkstream.net
Sun Feb 23 21:36:11 UTC 2003
Hi all
I'm using Red Hat 7.1 with the 2.2.16 kernel. A periodic check of
/var/log/messages has revealed:
syslogd 1.3-3: restart
syslogd 1.3-3: restart
syslogd 1.3-3: restart
syslogd 1.3-3: restart
syslogd 1.3-3: restart
syslogd 1.3-3: restart
Could this mean the machine has been compromised in some way!?
I'm only running a handful of services, such as
sshd, identd, xinetd and Apache 1.3.27.
I've googled around and various sources suggest running a utility
called 'chkrootkit'. Is this a reliable way to detect any signs of
intrusion? Can anyone suggest what my next step should be?
Regards
Leigh
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug