Jump to content

How can I tell if I've been compromised?


Dustpuppy
 Share

Recommended Posts

Hi, I've been running 9.2 for the past month or so on a large college network, and I've just realised that I did something VERY stupid when I set the thing up: I thought on the firewall you checked the boxes for services you wanted to be able to use, rather than what you want other people to have access to! So I've had web server, domain name server and ftp enabled. I've now _dis_ enabled them (no boxes checked under drakfirewall), but is there any way of checking my system hasn't been hacked? A couple of things worry me:

 

1) my net connection is slower than it ought to be

2) I'm getting lots of martians in /var/log/messages

3) I've just found an entry in the system logs "forbidding remote root login"

 

Should I be worried? I am, as you can tell, a complete n00b!

Link to comment
Share on other sites

It was in /var/log/messages.

 

I'm also worried because gconfd (which I can't find out about) keeps on starting with no intervention from me: eg

 

gconfd (root-xxxx)          starting (version 2.4.0.1) PID xxxx user "root"

 

eek!

that's normal...at least I've always seen it.

Link to comment
Share on other sites

that's normal...at least I've always seen it.

I'm glad it's normal... I think I just got a little jumpy after discoving my mistake with the firewall B)

 

I've run rkhunter and it's all clear - phew!

 

And my 'net connection's playing normal again, hurrah.

 

I do get very jumpy about security here - the college's firewall etc is fab, but we're a science and technology college, so inside the firewall there are always going to be script kiddies in training wanting to show off :sigh:

 

Many thanks to everyone!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...