[TriLUG] Have I been compromised?
Chris Merrill
cmerrill at nc.rr.com
Thu May 23 13:35:29 EDT 2002
I've just read yet another story quoting that a default
Red Hat installation placed on the Internet will be
compromised within days.
I have a RedHat 7.1 installation on TWC that has been
up for more than a year. It is not a default installation,
since I usually don't install anything that I don't need.
But I also did not take any extraordinary security
measures (other than IPchains for firewall...since the
computer also acts as the gateway for other computers).
I am running a few services:
- Postfix
- Apache
- Mailman
- Samba (only for brief times when I want to move files
to/from a Windows box)
I tried to turn off most other unneeded services.
I occasionally (every 3-4 weeks) log in and check
the logs to see if anyone else has logged in...but
if they could get in, I would assume they would
clean the logs.
My question:
How would I know if my system had been compromised?
*********************************
Chris Merrill
cmerrill at nc.rr.com
*********************************
More information about the TriLUG
mailing list