On 4/15/06, <b class="gmail_sendername">Bob Holtzman</b> &lt;<a href="mailto:holtzm@sonic.net">holtzm@sonic.net</a>&gt; wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Fri, 14 Apr 2006, Jason Spatafore wrote:<br><br>&gt; 2. Check /etc/passwd and see if there are any accounts which are suspicious.<br>&gt; Also check to see if there is an account with the UID of &quot;0&quot;, other than
<br>&gt; root.<br><br>How about an entry like nobody:x:99:99:Nobody:/:/sbin/nologin?<br><br></blockquote><div><br>No, nobody is usually used for daemons and such.<br></div><br></div>