To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Sent: Wednesday, April 27, 2005 8:07 AM
Subject: Re: brute force ssh attack
On Wed, Apr 27, 2005 at 03:02:41PM +0200, Daniel Kirsten wrote:
I use Fedora Core 3, and I installed all the updated rpms. I use a kernel 2.6.12-rc3-RT-V0.7.46-02 (Ingo Molnar's patch)
Were there any interesting files in the users' home directories? (Look for hidden files too, of course -- maybe a hidden directory named ... or something.) Also check in /tmp and /var. And any luck with the .bash_history? (For both the users and for root....)
Especially /var/tmp - that's a common place for rootkits to live.
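
The checks suggested in this thread, collected as a triage script. This is an added example, not part of the original messages; the function names are hypothetical, and treating a symlinked or empty .bash_history as worth a look is an assumption added here.

```shell
#!/bin/sh
# Added example: read-only triage helpers, run as root on the suspect host.
# Usage: sh triage.sh /home/alice /home/bob /root

# Names built to blend into a listing: "...", ".. ", ". ", and names with
# leading or trailing spaces.
find_disguised_names() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev \( -name '...*' -o -name '.. *' -o -name '. *' \
            -o -name ' *' -o -name '* ' \) -print 2>/dev/null || :
    done
}

# Every dot-file and dot-directory below the given roots. Expect some
# legitimate hits in /tmp (for example .X11-unix); review the rest.
find_hidden_entries() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev -mindepth 1 -name '.*' -print 2>/dev/null || :
    done
}

# Report shell histories that are symlinks, missing, or empty.
check_history() {
    for home in "$@"; do
        h="$home/.bash_history"
        if [ -L "$h" ]; then
            echo "symlink: $h -> $(readlink "$h")"
        elif [ ! -e "$h" ]; then
            echo "missing: $h"
        elif [ ! -s "$h" ]; then
            echo "empty: $h"
        fi
    done
}

# Only scan when home directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    echo "== disguised names =="
    find_disguised_names "$@" /tmp /var/tmp /var
    echo "== hidden entries in temp locations =="
    find_hidden_entries /tmp /var/tmp
    echo "== shell histories =="
    check_history "$@"
fi
```

Ideally run it against a read-only mount of the disk, since a rootkit on the live system can hide files from find.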