After some checking it seems I over looked the fact if you have myth on your pc the default install gives you a myth user and default passwd. I have denyhosts, and block all root access, but now realised the myth user is able to ssh in. I tested this and found in june the myth user had logged in, and compromised my server. Seems bad that the user mythtv creates is given a normal account that is not set to nologin. I am currently backing up all the data and will be rebuilding the server tonight only way to be sure. chkrootkit shows no signs of any thing to worry about so this may be worth reading if you are a myth user as your server may be open to attack. My next build will have iptables as well as hosts.deny * except trusted & the firewall on my router. Any other good tips?
