On Sun, Mar 04, 2001 at 12:30:32PM -0800, Ben Ocean wrote:
>
> Well, *did* they get in, or do we know? Did they get in as far as
> tty1 and stop cold? Or, since they apparently logged in as root, did
> they gain access to the entire box through tty1? If they did, how
> should I go about protecting the machine? Changing the password
> would not only be useless, it would tip them off that I know what
> happened.
Have you tried 'rpm -Va'? Also, I forget if this is RH7, but if so, is
tripwire installed? I find this a great peace-of-mind tool to have
running. Just for future reference...
--
Hal B
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
