Gentoo Forums
have I been hacked/exploited?
irony
Tux's lil' helper


Joined: 10 Jul 2002
Posts: 129
Location: CT

Posted: Mon Oct 14, 2002 3:21 pm    Post subject: have I been hacked/exploited?

I'm relatively new to Gentoo/Linux, and I'm trying to figure out whether my box has been hacked or exploited.
My first indication was at a LAN party recently, which wasn't connected to the outside world: when I quit out of X, I had a whole string of error messages that "/usr/sbin/sendmail can't connect", which worries me, as I don't use any mail programs.
I also had some problems last night with agetty, and not being able to kill it - every time I tried, it restarted itself. Though looking at other people's posted ps -aux, it seems that having four agetty processes running is not abnormal.

My basic question is this. How do I go about determining if I've been hacked? Are there signs I should look for, files I can check?

Any help would be great. Thanks!
_________________
"and if rain brings winds of change, let it rain on us forever..."
ktb
n00b


Joined: 03 Oct 2002
Posts: 10

Posted: Mon Oct 14, 2002 3:35 pm    Post subject:

One thing you could do is run chkrootkit.
http://freshmeat.net/projects/chkrootkit/?topic_id=43

Also take a look at this document.
http://www.cert.org/tech_tips/intruder_detection_checklist.html
hth,
kent
rac
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

Posted: Mon Oct 14, 2002 7:49 pm    Post subject: Re: have I been hacked/exploited?

irony wrote:
I had a whole string of error messages that "/usr/sbin/sendmail can't connect" which worries me, as I don't use any mail programs.

This could very well be ssmtp trying to send you information about cron jobs.

Quote:
I also had some problems last night with agetty, and not being able to kill it - every time I tried, it restarted itself. Though looking at other people's posted ps -aux, it seems that having four agetty processes running is not abnormal.

That's what getty processes do - they're waiting for people to log in to them, and init respawns them. Don't worry about this one either.

ktb's advice is great, but I think the probability that you need to worry is very low.
_________________
For every higher wall, there is a taller ladder
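
To confirm on a given box that the agetty processes are the ones init is respawning, as rac explains above, this added example (not part of the original thread) compares each running agetty against the respawn entries in inittab and its parent PID. The inittab entries, the ps listing and the function name check_gettys are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in inittab format: id:runlevels:action:process
SAMPLE_INITTAB='# terminals
c1:12345:respawn:/sbin/agetty 38400 tty1 linux
c2:12345:respawn:/sbin/agetty 38400 tty2 linux
c3:12345:respawn:/sbin/agetty 38400 tty3 linux'

# Constructed sample shaped like the output of: ps -eo pid,ppid,tty,args
SAMPLE_PS='  PID  PPID TT       COMMAND
  412     1 tty1     /sbin/agetty 38400 tty1 linux
  413     1 tty2     /sbin/agetty 38400 tty2 linux
  901   877 pts/0    /tmp/agetty 38400 tty3 linux
  950     1 tty3     /sbin/agetty 38400 tty3 linux'

# check_gettys INITTAB_TEXT PS_TEXT
# Prints "ok PID CMD" for an agetty whose parent is init (PID 1) and whose
# command line matches a respawn entry, "review PID CMD" for any other.
check_gettys() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_ps = 1; next }      # separator between the inputs
        !in_ps {                             # inittab half
            if ($0 ~ /^[ \t]*#/) next        # skip comments
            n = split($0, f, ":")
            if (n >= 4 && f[3] == "respawn") {
                cmd = f[4]                   # rejoin in case of ":" in args
                for (i = 5; i <= n; i++) cmd = cmd ":" f[i]
                gsub(/[ \t]+/, " ", cmd)
                expected[cmd] = 1
            }
            next
        }
        # ps half: fields are pid, ppid, tty, then the command line
        $1 ~ /^[0-9]+$/ && ($4 == "agetty" || $4 ~ /\/agetty$/) {
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            status = ($2 == 1 && (cmd in expected)) ? "ok" : "review"
            print status, $1, cmd
        }'
}

check_gettys "$SAMPLE_INITTAB" "$SAMPLE_PS"
```

On a live system, pass `"$(cat /etc/inittab)"` and `"$(ps -eo pid,ppid,tty,args)"` instead of the samples. A "review" line is a reason to look closer at that process, not proof of compromise.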