On Tuesday 27 December 2005 17:57, Dave Feustel wrote:
> One of the big clues that I have an intruder in my system was that the
> permissions I was applying to those devices kept getting changed again
> after I set restricted permissions.

Is that the only indication you have about this ? On mandrake you have 
security scripts which are run daily or even hourly and reset permissions on 
most "sensitive" files, are you sure you're not seeing the same kind of 
stuff ? I'd check your system logs first.

For what it's worth, I've had a linux machine rooted once (with the 
'tornkit'). Believe me when I tell you that this kind of thing goes to a very 
great length to hide itself. In short, you will *not* detect them simply by 
seeing some permission changes. So I find it very unlikely that some cracker  
would be cunning enough to crack an openBSD machine only to let himself be 
detected so easily.

-- 
Guillaume.
http://www.telegraph-road.org
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<