Hi all!

Yesterday I got home late at night and was about to shutdown my linuxbox. It works as a router/firewall by the way.

The first strange thing was that the machine was crashed. Totally numb. This never happened. And the second thing was that when I shutted down the system, and when it rebooted, at some moment, gave me a prompt like this: "sh-300#"

Today I woke up and decided to take a look and didn't find anything weird... On the ps list I found a process running with this name: "inputattach". Does anybody know what this does. Anyway I don't remember if it was running already or not.

Thank you.

i believe this process is associated with serial devices and is not a trojan (etc) as you may be worried about.

IMNSHO it isn't enough to counter a question about a (suspected) compromise with a single line answer starting with "I believe". Ask yourself, if this was a compromise, can any output be trusted? (No) Or, how hard is it to run a process under a different name? (Trivial). If you suspect something then get assurance the right way. And if, after going through the process, it appears to be a false positive, cool, in any case exercise should give you more knowledge and you likely will know somewhat better what to do when a "real" compromise turns up. Wanna know more? Check out the LQ FAQ: Security references under "Compromise, breach of security, detection".