I have a Red Hat 7.3 server, and I have just noticed after reviewing log files that someone has obtained root access to my server. I have an ip address, and changed the root password. I have also noticed that I have two /sbin/nologin scripts in /sbin. So, I tried logging in under a system service, and found each of these services were able to log in with superuser access. I am fairly familiar with linux, and have run it as a deskop for a couple of years, but I am new at running it in a server environment. Do any of you have ideas as to what my next step should be, and any other places to look for possible backdoors. Thank you very much.