On 4/27/05, Thomas Cameron <thomas.cameron@xxxxxxxxxxxxxxx> wrote: > > something.) Also check in /tmp and /var. And any luck with the > > .bash_history? (For both the users and for root....) > > Especially /var/tmp - that's a common place for rootkits to live. a doubt here , i checked /tmp and found srwxrwxrwx 1 wnn wnn 0 Apr 27 22:30 jd_sockV4 why does this file (socket) have different owner and user, while all others have either root or userabc. drwxrwxrwt 2 xfs xfs 4096 Apr 29 22:30 .font-unix this hidden file also has different permission and different owner and user, while others have either root or userabc. xfs and wnn ? are not users created by me so where did they come from ? Can someone please clear this silly doubt. -- MR
