On 2007-05-15 11:35:03 +0530, Deboo ^ wrote: > I saw today that there's a zero byte file in my hoem dir with the name > "Brendan" created yesterday but I couldn't search whp created it or > what was the command that created it etc from any log files.
Are you sure you haven't written something containing "> Brendan" in a terminal (e.g. by pasting a selection by mistake, this sometimes happens to me, and I get 0-byte file creation because of that)? You can look at the history file of your shell, e.g. .bash_history if it is bash. > I did not have a firewall yet. That's not very useful under Linux, unless you installed some unsecure software or did something wrong with servers. > I am testing postfix on and off but don't keep it onlien for more > than a few minutes everytime I test. Or could this come from one of your tests? > Can somone have used that to login to my system? I'd say that such file creation are often user mistakes. > And JUST now as I am posting this, that file is GONE. I did not delete > it. That's strange. > Even with the firewall, someone is in my computer? If someone entered your computer before you installed the firewall, this could be too late (he could have installed a rootkit, that bypasses the firefall). You can try chkrootkit to see if a rootkit was installed. Another possibility is that you have run some program that did this file creation and deletion. -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
