help
Bohdan Sydor
bohdan at harazd.net
Thu Jan 28 08:14:16 UTC 2010
Joy Methew wrote:
> I logged in as root, then I ran the "last" command. I am sending the first 10 lines
> of the last command... I think someone hacked my system. I am sending the history
> command output.
> Now I remove the .ssh directory and /var/tmp/*
>
> Please suggest what this is??
Hi,
If your system was compromised, then the most secure next step is to
reinstall the system.
From what I can see in the bash history, the attacker downloaded and
installed custom software.
Please send the output from the following commands run as root:
ps aux
pstree
netstat -ntulp
getent passwd
Regards
--
Bohdan Sydor
RHC{E,I,X}
www.sydor.net
More information about the redhat-list mailing list