On 4/15/06, Bob Holtzman <holtzm@sonic.net> wrote:
>
> On Fri, 14 Apr 2006, Jason Spatafore wrote:
>
> > 2. Check /etc/passwd and see if there are any accounts which are
> suspicious.
> > Also check to see if there is an account with the UID of "0", other than
> > root.
>
> How about an entry like nobody:x:99:99:Nobody:/:/sbin/nologin?
>
>
No, nobody is usually used for daemons and such.