how to tell whe you have a hacker?
Jeremy C. Reed
reed at reedmedia.net
Fri Feb 17 17:52:19 MST 2006
On Fri, 17 Feb 2006, Mike wrote:
> but will there be extra processes or can they get in without a new process?
A cracker usually starts new processes.
> I have a process running that I do not remember from dial-up days. It is
> ssh-agent (secure shell?) but it is probably only because I now use
> cable-net.
I also use ssh-agent.
Run "env" and see if you have a SSH_AUTH_SOCK and SSH_AGENT_PID defined.
If so, see if that SSH_AGENT_PID matches your process id of ssh-agent.
And see if the file referenced by SSH_AUTH_SOCK is owned by you.
If you have the SSH_AUTH_SOCK environment variable set, you can run
"ssh-add -l" to list the identities that ssh-agent has loaded.
If you don't have those environment variables, look for a
/tmp/ssh-*/agent* file and see who owns it.
Jeremy C. Reed
technical support & remote administration
http://www.pugetsoundtechnology.com/
More information about the PLUG-discuss
mailing list