Howdy, Cheng!

> Someone has broken into my machine (Debian 1.3) and
> written a file in my home dir. There is no trace
> in the utmp and wtmp files. In the daemon.log and syslog
> files, there are two that seem to be like this:
>

Sorry to hear that your system has been compromised! One of the first things I'd do is change *all* passwords on the system. I'd also consider re-installing Debian to be sure that you got clean binaries - someone could have replaced an essential binary with one that allows them access to your system.

I'd also recommend getting/reading the latest issue of Linux Journal - it discusses Linux system security. Some things you might want to implement are explained quite nicely.

> Jul 16 17:41:52 ultra kerneld: started, pid=148, qid=0
> Jul 17 17:59:59 ultra in.fingerd[1323]: connect from xxx.xx.xx.xx
>
> Did this come from the fingerd program? Or maybe others just
> happen to know my password.
>
> Thanks for all suggestions.
>
> -cheng
>

Chuck

--
Chuck Stickelman, Owner         E-Mail: <[EMAIL PROTECTED]>
Practical Network Design        Voice:  (419) 529-3841
9 Chambers Road                 FAX:    (419) 529-3625
Mansfield, OH 44906-1302 USA