Slackware iptables hacked - how to prevent again?
Was running Slackware 14.1 with iptables when I noticed commands in history that were not mine and permissions had changed on some files. The firewall rules were very simple:
Input drop, Forward drop, Output drop, with established,related rule. What did I do wrong? Thanks to all for help.
Physical access and password guessed?
Did you scan for rootkits?
Did not scan for rootkits.
No physical access possible. Possible to have guessed password.
Try rootkit hunter and chkrootkit.
Change password to a stronger one. What commands were passed and which file permissions have been modified?
The entire home directory was modified to permission 1755 from 755.
Programs containing commands were removed from /usr/bin. Thanks for your help.
So you got yourself a root compromise. Removing those files is not enough.