Please help...Very wierd securityhardware problems with SuSE 10.0

composlinuxmisc

Probably the best thing to do, is to pit a new disk of tehe same type on the machine, and dump the old setup onto it.

Then I would carefully reinstall onto the old disk (or the new - whichever) and run file size date and checksum comparisons on EVERYTHING.

You will discover which files are different from the new distro.

In order to actually DO anything though, your hacker will have had to later files that might reasonably be expected to be in constant use - things like the login programs and scripts, the daemons and so on.

Most hackers aren't THAT good and will have left traces somewhere..its not possible to alter a machine and keep everything identical, the problem is that so much does change on a Linux box..but executables NEVER do. (well almost never: You CAN write them to modify themselves by way of configuration).

What you are looking or is an executable whose version number is the same as the distro, but whose size and checksum have altered. A REALLY good hacker can make his the same on both of those, but an altered executable will NEVER show byte for byte idenbreasty with the original.

As a last resort, thats what you have to do.