Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Provided your system is "sane", as root, run (w/o outer quotes):
"lsof -p $(/sbin/fuser /dev/pts/*|cut -d ":" -f 2- | tr " " ",")" or "/sbin/fuser -vu /dev/pts/*" or "find /proc/[0-9]*/fd/ -ls | grep pts" to see what processes have pseudo tty's open.
am i being hacked?
Most likely not. Verify your systems integrity if you want to be sure.
Distribution: Gentoo 2004.2, Slackware 10, Windows XP, Windows 2003 Server
Well this had me curious tho. I left my computer on overnight and it was acting a bit sluggish. Of course i figured i would just kill them but after i did that, i realized that i shouldn't written them down *tearinox smacks his head*
Is there a log that tells me what users are doing what by default? Or where are all the log files in gerneral? thx
Originally posted by tearinox
Or where are all the log files in gerneral? thx
All the logs files are in /var/log, check them all carefully and look for anything
out of the ordinary.
Be sure to follow UnSpawn's advice too.
If everything is safe, install aide.
It's an integrity checker and can detect changes in files, so it gets pretty hard
for anyone to crack your box and change stuff.