GGI Legacy Site


Internet Security: Hacker Targets

TARGETED SYSTEM BINARIES AND DIRECTORIES

If you think your site has been invaded by an intruder, check these system binaries for inconsistencies:

  • /bin/login

  • /bin/ls

  • /usr/etc/in.telnetd

  • /usr/sbin/ifconfig

  • /usr/etc/in.ftpd

  • /bin/df

  • /usr/etc/in.tftpd

  • /usr/lib/libc.a

  • /usr/ucb/netstat

  • /usr/ucb/cc

  • /bin/ps


Also check these files:
  • /.rhosts

  • /etc/hosts.equiv

  • /bin/.rhosts

  • /etc/passwd

  • /etc/group

  • /var/yp/* (NIS maps)

  • root environment files (.login, .cshrc, .profile, .forward)

Look for hidden directories created by the intruders in:
  • /tmp

  • /var/tmp

  • /etc/tmp

  • /usr/spool

  • /usr/lib/cron
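
One way to run the binary and hidden-directory checks listed above, as an added example that is not part of the original page. It assumes a checksum baseline recorded while the system was known to be clean and that `sha256sum` is available; `ROOT` and the function names are hypothetical. Run it from trusted media against the mounted disk where possible, since `ls` and `ps` are themselves on the list of targeted binaries.

```shell
#!/bin/sh
# Added example: integrity check for the binaries and directories listed above.
# ROOT is a hypothetical prefix: "/" on a live system, or the mount point of a
# disk examined from a trusted host.

BINARIES="/bin/login /bin/ls /usr/etc/in.telnetd /usr/sbin/ifconfig
/usr/etc/in.ftpd /bin/df /usr/etc/in.tftpd /usr/lib/libc.a
/usr/ucb/netstat /usr/ucb/cc /bin/ps"
TMPDIRS="/tmp /var/tmp /etc/tmp /usr/spool /usr/lib/cron"

# Print "<sha256> <path>" for each listed binary present under ROOT.
# Redirect the output to a file kept off the host to create the baseline.
hash_binaries() {
    root=${1%/}
    for f in $BINARIES; do
        if [ -f "$root$f" ]; then
            sum=$(sha256sum < "$root$f" | cut -d' ' -f1)
            echo "$sum $f"
        fi
    done
}

# Compare the current files against a baseline written by hash_binaries.
# Prints CHANGED/MISSING lines and returns 1 if any inconsistency is found.
check_binaries() {
    root=${1%/}; baseline=$2; rc=0
    while read -r want path; do
        if [ ! -f "$root$path" ]; then
            echo "MISSING $path"; rc=1
        else
            have=$(sha256sum < "$root$path" | cut -d' ' -f1)
            if [ "$have" != "$want" ]; then
                echo "CHANGED $path"; rc=1
            fi
        fi
    done < "$baseline"
    return $rc
}

# List dot-directories under the temporary and spool directories named above.
find_hidden_dirs() {
    root=${1%/}
    for d in $TMPDIRS; do
        [ -d "$root$d" ] || continue
        find "$root$d" -type d -name '.*' 2>/dev/null
    done
}
```

Typical use: `hash_binaries / > baseline.txt` on a clean system, then `check_binaries / baseline.txt` and `find_hidden_dirs /` when an intrusion is suspected.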