On 28 Sep 2000, Olaf Meeuwissen wrote: > bash$ man debsums > bash$ dpkg --search `which top` > procps: /usr/bin/top > bash$ debsums -s procps > > Any output could be a problem. Of course this assumes that the listed > md5sums have not been tampered with. They are in /var/lib/dpkg/info. >
Okay, after poking around a good deal, here's the diagnosis: 1) Log files look okay, but that doesn't count for much. 2) md5sums for all of those things like top, ls, etc all check out. 3) No packages have .md5sums files in /var/lib/dpkg/info with modification dates any later than my original istallation (which was Sunday). Are script kiddies smart enough to modify this? If anybody did crack my box, it's not readily apparent that they did anything harmful. Nevertheless, the only open ports I'm going to have from here on out is ssh, and that will be configured to accept connections ONLY from my box in my office. Thanks for the help. Any further suggestions are very welcome, since I'm still very new to all of this security stuff. ---------------------------------------------------------------------- Stephen W. Juranich [EMAIL PROTECTED] Electrical Engineering http://students.washington.edu/sjuranic University of Washington http://rcs.ee.washington.edu/ssli
