[mythtv-users] OT. Have I been hacked? IRCD?

Ross Campbell ross.campbell at gmail.com
Tue Dec 14 00:12:35 UTC 2004


I'll assume this is a home machine and your priority is to ensure that
you have not been hacked, or to "clean" the machine. Be aware that the
best way to clean up after being hacked is to reinstall the OS and
restore a pre-hack known good dataset (after all, if someone logged in
to your system as root, who knows what they changed!).

If you *are* hacked, something like SNORT might help you trace down
and catch the culprit - http://www.snort.org/about.html . Having SNORT
installed on a system prior to being hacked would be most helpful. :)

I would suggest you start by checking all of your system logfiles and
looking for any irregularities.

Then, you should get and run chkrootkit to check for any _known_
rootkit installs - http://www.chkrootkit.org

Apply any OS security patches. Patch (by hand if necessary) any
non-distro packaged tools installed that have known security holes.

Lastly, run a general security audit of your system (and your
firewall/router). I'd use nessus for that and close down any ports or
services that are unnecessary - http://www.nessus.org


-Ross
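
The logfile check suggested above can start with the sshd authentication messages. The script below is an added example, not part of the original post; it assumes OpenSSH-style syslog lines, and the function names, host name and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: first-pass triage of sshd authentication messages.
# Assumes OpenSSH-style syslog lines. Sample data below is constructed.

sample_log() {
cat <<'EOF'
Dec 13 03:12:01 mythbox sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Dec 13 03:12:09 mythbox sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 40130 ssh2
Dec 13 03:12:17 mythbox sshd[2215]: Failed password for root from 203.0.113.45 port 40141 ssh2
Dec 13 03:14:30 mythbox sshd[2290]: Accepted password for root from 203.0.113.45 port 40200 ssh2
Dec 13 18:01:58 mythbox sshd[3001]: Failed password for ross from 192.0.2.10 port 51000 ssh2
Dec 13 18:02:11 mythbox sshd[3001]: Accepted publickey for ross from 192.0.2.10 port 51000 ssh2
EOF
}

# Print "month day time source-ip" for every successful root login.
root_logins() {
  awk '/sshd\[[0-9]+\]: Accepted .* for root from / {
         for (i = 1; i <= NF; i++) if ($i == "from") print $1, $2, $3, $(i+1)
       }' "$@"
}

# Print "source-ip user failures" for each successful login from a source
# that had already produced at least $1 failed password attempts.
success_after_failures() {
  min=$1; shift
  awk -v min="$min" '
    /sshd\[[0-9]+\]: (Failed|Accepted) / {
      ip = ""; user = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "for")  user = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
        if ($i == "from") ip = $(i+1)
      }
      if ($0 ~ /: Failed /) fails[ip]++
      else if (fails[ip] >= min) print ip, user, fails[ip]
    }' "$@"
}

# With no file arguments both functions read stdin; pass log files to scan them.
sample_log | success_after_failures 3
```

An empty result does not clear the machine: anyone who obtained root could have edited or removed these logs.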

