am I hacked?

peter kostov fedora at light-bg.com
Sat Apr 21 19:04:20 UTC 2007


Martin Marques wrote:
> peter kostov wrote:
>> Hello,
>>
>> I was not reading my system logs regularly (that's bad!).  Today I 
>> noticed the following:
>
> Install logwatch.
>
> [snip]
>>
>> In the logs I found exactly the same results since one month ago.
>>
>> Does that mean I have been hacked and all those binaries are replaced?
>> The secure logs are full with unaccepted ssh connections. The only 
>> successful connections for this period are from a known IP, but 
>> unfortunately I have no older logs.
>
> Doesn't look like that. Anyway, I didn't read in all your mail which 
> version of FC you were running, and if you have upgrades up2date.
I am running FC5 with yum enabled.
>
> I wouldn't worry so much. But get logwatch running right away.
>

I have logwatch installed, but I didn't know about it. Thanks for 
pointing it out!

On the other machine in my local network there is one 'bad' binary 
reported by rkhunter - wget. This second computer accesses the Internet 
through the one we are discussing.
It is also running FC5 with yum, although the installation isn't exactly 
the same.

Peter



