Martin Marques wrote:
peter kostov wrote:
Hello,
I was not reading my system logs regularly (that's bad!). Today I
noticed the following:
Install logwatch.
[snip]
In the logs I found exactly the same results since one month ago.
Does that mean I have been hacked and all those binaries are replaced?
The secure logs are full with unaccepted ssh connections. The only
successful connections for this period are from a known IP, but
unfortunately I have no older logs.
Doesn't look like that. Anyway, I didn't read in all your mail which
version of FC you were running, and if you have upgrades up2date.
I am running FC5 with yum enabled.
I wouldn't worry so much. But get logwatch running right away.
I have logwatch installed, but I didn't know about it. Thanks for
pointing it out!
On the other machine in my local network there is one 'bad' binary
reported by rkhunter - wget. This second computer accesses the Internet
through the one we are discussing.
It is also running FC5 with yum, although the installation isn't exactly
the same.
Peter