02-19-2008 08:00 AM
Originally Posted by theunixwizard
I have been noticing weird things on my computer such as C apps that I didn't build and weird files in /tmp.
Collateral like that could point to a breach of security. I'd appreciate it if you could give more specific names ('ls -alZ' or 'stat' the files). To make certain, you'd best review what users have logged on, check your logs, what processes are running, what files and connections are open and verify the integrity of your machine. If you want a checklist you could use the Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html. Post anything that looks weird (preferably in BB code tags).
If your box appears to be clean then you do not want a keylogger, you want to take away opportunities for people to do mischief and log whatever is going on (aka basic hardening and auditing). Whatever that means depends on how the machine is attached to the network, what services it provides and who is allowed to access it. Before hardening you have to make certain the box is clean though, else it makes no sense.
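A first-pass collection script for the checks described in the reply above. It is an added example, not part of the original post; the function names `is_elf`, `triage_dir` and `snapshot` are made up for illustration. It flags ELF binaries and executable files under /tmp and captures users, processes and connections in a form that can be pasted into a thread.

```shell
#!/bin/sh
# Added example (not from the original post). Output from a box that may be
# compromised is a starting point only: its own tools may have been altered.

# is_elf FILE: true when the first four bytes are the ELF magic 7f 45 4c 46.
is_elf() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# triage_dir [DIR]: one line per regular file that is an ELF binary and/or has
# an execute bit, tagged ELF / EXEC, followed by its 'ls -ld' line (owner,
# mode, mtime). Defaults to /tmp. File names containing newlines are not handled.
triage_dir() {
    dir=${1:-/tmp}
    find "$dir" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        kind=""
        if is_elf "$f"; then kind="ELF"; fi
        if [ -x "$f" ]; then kind="${kind:+$kind,}EXEC"; fi
        [ -n "$kind" ] || continue
        printf '%s\t%s\n' "$kind" "$(ls -ld "$f")"
    done
}

# snapshot: logged-on users, recent logins, processes and network sockets.
# Commands that are not installed are reported and skipped.
snapshot() {
    for cmd in "who -a" "last -n 20" "ps auxww" "ss -tanp" "lsof -nP -i"; do
        # Intentional word splitting: turn the string into command + arguments.
        set -- $cmd
        if command -v "$1" >/dev/null 2>&1; then
            echo "## $cmd"
            "$@" 2>&1 || true
        else
            echo "## $1 not installed"
        fi
    done
}

# Typical use, run as root and save the result off the machine:
#   { triage_dir /tmp; snapshot; } > report.txt
```
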