Happy Thursday -
First facts: Distro Slackware 10.0, reasonably current (up through Sep. 5, 2004 for packages I know I use). Rootkit Hunter 1.1.8 found a problem with syslogd. I went and looked. syslogd and klogd were both of different sizes than I thought should be there (no patch that I thought I should have installed should have modified them from the 10.0 install). I reinstalled the distribution packages, and rkhunter is now happy. Well and good.
I saved off the suspect commands (renamed them and also ran chmod -x).
Now (mind you, at this point I'm fairly well out of my depth), some questions:
Is there any reasonable way I can find out how I obtained the suspect files? Is there any use or utility in the files I saved off? It's beyond my skill, but is there some mailing list, etc., that would like to examine them?
And what steps can I take to prevent this?
Other things: standalone system; dialup only. firewall is via
2.0rc9 (newbie defaults)
Thanks in advance for any answers/advice
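The check the post describes (noticing that syslogd and klogd were not the sizes the 10.0 package should have produced) can be made exact by hashing every file in a pristine copy of the package and comparing it with the installed copy. The script below is an added example, not code from the original post or from rkhunter; the directory names are hypothetical and the sample files it builds are constructed text, not real binaries. It assumes a POSIX sh with sha256sum (GNU coreutils) or, failing that, the POSIX cksum.

```shell
#!/bin/sh
# Added example, not part of the original post. Compares an installed
# tree against a pristine copy of the same package file by file.
# Assumptions: POSIX sh; sha256sum or cksum available; all paths and the
# demo data below are hypothetical/constructed.

# Print a content hash for one file (sha256 if available, else crc:size).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        cksum "$1" | cut -d' ' -f1,2 | tr ' ' ':'
    fi
}

# compare_tree PRISTINE INSTALLED
# For each regular file under PRISTINE (the package contents extracted to
# a scratch directory), hash the file at the same relative path under
# INSTALLED. One line per file: OK, MODIFIED or MISSING, then the path.
compare_tree() {
    pristine=$1
    installed=$2
    (cd "$pristine" && find . -type f) | sort | while IFS= read -r f; do
        rel=${f#./}
        if [ ! -f "$installed/$rel" ]; then
            echo "MISSING  $rel"
        elif [ "$(hash_file "$pristine/$rel")" != "$(hash_file "$installed/$rel")" ]; then
            echo "MODIFIED $rel"
        else
            echo "OK       $rel"
        fi
    done
}

# count_mismatches PRISTINE INSTALLED -> number of files that are not OK
count_mismatches() {
    compare_tree "$1" "$2" | awk '!/^OK/ { n++ } END { print n + 0 }'
}

# make_demo_trees: build a constructed pristine/installed pair in a temp
# directory and print its name. syslogd is unchanged, klogd has been
# altered, and one documentation file is absent from the installed tree.
make_demo_trees() {
    d=$(mktemp -d)
    mkdir -p "$d/pristine/sbin" "$d/pristine/usr/doc/sysklogd" "$d/installed/sbin"
    printf 'pristine syslogd\n'     > "$d/pristine/sbin/syslogd"
    printf 'pristine klogd\n'       > "$d/pristine/sbin/klogd"
    printf 'package docs\n'         > "$d/pristine/usr/doc/sysklogd/README"
    printf 'pristine syslogd\n'     > "$d/installed/sbin/syslogd"   # unchanged
    printf 'klogd plus extra code\n' > "$d/installed/sbin/klogd"    # tampered
    echo "$d"
}

# Run the constructed demo when invoked as: sh compare.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_trees)
    compare_tree "$demo/pristine" "$demo/installed"
    echo "mismatches: $(count_mismatches "$demo/pristine" "$demo/installed")"
    rm -rf "$demo"
fi
```

On a real Slackware box the pristine tree comes from the package tarball on the install media (the two files in question live in the sysklogd package), extracted into a scratch directory with tar and compared against /; the package tarballs are rooted at the filesystem root, so the relative paths line up. Two caveats a practitioner would add: the hashes are only meaningful if the tools doing the hashing (sha256sum, find, the shell) are themselves trusted, so run the comparison from a known-clean boot medium when the system is suspect; and a clean result for one package says nothing about the rest of the system, so the same comparison should be repeated for every installed package before trusting the machine again.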