Looking for Traces of Intruders
Prompt % more /var/adm/messages
Mar 21 10:36:04 host8 su: ‘su root’ failed for user1 on /dev/ttyp2
Mar 21 10:36:08 host8 su: ‘su aaa’ succeeded for user1 on /dev/ttyp2
Mar 21 16:00:59 host8 xntpd[121]: Previous time adjustment didn’t complete
Mar 24 15:01:44 host8 login: REPEATED LOGIN FAILURES ON console, user3
Mar 25 11:42:51 host8 shutdown: reboot by user1
Mar 25 11:42:53 host8 syslogd: going down on signal 15
Mar 25 11:48:04 host8 su: ‘su aaa’ succeeded for user1 on /dev/ttyp0
Mar 28 15:47:19 host8 login: ROOT LOGIN REFUSED ON ttyp3 FROM machine.sub.domain
Mar 28 16:12:12 host8 login: ROOT LOGIN console
Apr 13 15:58:35 host8 su: ‘su aaa’ failed for user1 on /dev/ttyp0
If you suspect that an intruder has been on your system but has already
left, use the commands and files described in this section.
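An added example, not part of the original material: a shell function that scans a messages file for the event types visible in the listing above (su attempts, repeated login failures, refused root logins, root console logins, and shutdown or syslogd stops that leave a gap in logging). The tag names and output layout are assumptions; the sample input is copied from the listing.

```shell
#!/bin/sh
# Added example: triage a syslog "messages" file for the event types that
# appear in the listing above. Tag names and output layout are assumptions.

# Sample input: lines copied from the listing above.
sample_messages() {
cat <<'EOF'
Mar 21 10:36:04 host8 su: ‘su root’ failed for user1 on /dev/ttyp2
Mar 21 10:36:08 host8 su: ‘su aaa’ succeeded for user1 on /dev/ttyp2
Mar 21 16:00:59 host8 xntpd[121]: Previous time adjustment didn’t complete
Mar 24 15:01:44 host8 login: REPEATED LOGIN FAILURES ON console, user3
Mar 25 11:42:51 host8 shutdown: reboot by user1
Mar 25 11:42:53 host8 syslogd: going down on signal 15
Mar 25 11:48:04 host8 su: ‘su aaa’ succeeded for user1 on /dev/ttyp0
Mar 28 15:47:19 host8 login: ROOT LOGIN REFUSED ON ttyp3 FROM machine.sub.domain
Mar 28 16:12:12 host8 login: ROOT LOGIN console
Apr 13 15:58:35 host8 su: ‘su aaa’ failed for user1 on /dev/ttyp0
EOF
}

# scan_messages [FILE...]  (reads stdin when no file is given)
# Prints one finding per line: TAG <tab> timestamp <tab> detail
scan_messages() {
    awk '
    # Strip quotes and punctuation (ASCII or typographic) from a token.
    function clean(s) { gsub(/[^A-Za-z0-9_.-]/, "", s); return s }
    { ts = $1 " " $2 " " $3 }
    $5 == "su:" && $8 == "failed" {
        fails[$10]++
        printf "SU_FAILED\t%s\t%s -> %s on %s\n", ts, $10, clean($7), $12; next }
    $5 == "su:" && $8 == "succeeded" {
        printf "SU_OK\t%s\t%s -> %s on %s\n", ts, $10, clean($7), $12; next }
    $5 == "login:" && /REPEATED LOGIN FAILURES/ {
        printf "LOGIN_FAILURES\t%s\t%s on %s\n", ts, $11, clean($10); next }
    $5 == "login:" && /ROOT LOGIN REFUSED/ {
        printf "ROOT_REFUSED\t%s\t%s from %s\n", ts, $10, $12; next }
    $5 == "login:" && /ROOT LOGIN/ {
        printf "ROOT_LOGIN\t%s\t%s\n", ts, $8; next }
    # A reboot or syslogd stop means a window with no logging at all.
    $5 == "shutdown:" || ($5 == "syslogd:" && /going down/) {
        printf "LOG_GAP\t%s\t%s\n", ts, $5; next }
    END { for (u in fails) printf "SU_FAILED_TOTAL\t-\t%s %d\n", u, fails[u] }
    ' "$@"
}

sample_messages | scan_messages
```

To run it against a live system, call `scan_messages /var/adm/messages` instead of piping in the sample.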