Have a look at these tripwire logs...
Whats up....
I was going through my TRIPWIRE logs and noticed a few things that caught my eye and am sort of worried, i have been hacked. Here is all the stuff i have been doing just soo you know just in case these things could have made my logs look like someone has hacked my box.Im just trying to give you as much info as possible:
1>I installed SNORT with mysql+acid+apache+webmin+netssl --on Saturday(got it working :D )
2>I updated my linux machine with the recent updates. I Cant rmeber them exactly PAM was one of them and a few other recent ones that were just released. From Redhat
3>I deleted and created USER.
4>I have ran chkrootkit and it fond nothng but a suspicious directory reagarding netssl but nothng other than that.("/usr/lib/perl5/site_perl/5.6.1/i386-linux/auto/Net/SSLeay/.packlist")
5>I ran a port scan yesterday and all ports were filtered.
#####If you need to know my TRIPWIRE configuration is installed it and configured it exactly
from here: http://www.linuxsecurity.com/feature...story-81.html.
If you need any other info i can post it...Sorry for the long log file but didnt want to leave anything out...if someone could browse throught it. My main concern was things like:
Modified
/bin/ls
Modified
/bin/chmod
Stuff like that.... got me shaking...
I have attached it in .TXT but if you change it to .DOC its nicer to look at :cool: