Re: how to tell when you have a hacker?

bmike1@0[bmike1]$ sudo env
SSH_AGENT_PID=2476
TERM=xterm
SHELL=/bin/bash
XDM_MANAGED=/var/run/xdmctl/xdmctl-:0,maysd,mayfn,sched,rsvd
QTDIR=/usr/share/qt3
OLDPWD=/home/bmike1
USER=root
SSH_AUTH_SOCK=/tmp/ssh-aJsV2448/agent.2448
KDEDIR=/usr
KONSOLE_DCOP=DCOPRef(konqueror-26933,konsole)
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/
bin
KONSOLE_DCOP_SESSION=DCOPRef(konqueror-26933,session-1)
PWD=/home/bmike1
LANG=en_US
HOME=/home/bmike1
SHLVL=1
LOGNAME=root
DISPLAY=:0
_=/usr/bin/sudo
SUDO_COMMAND=/usr/bin/env
SUDO_USER=bmike1
SUDO_UID=1000
SUDO_GID=1000
bmike1@0[bmike1]$ ls -l /tmp/ssh-aJsV2448/agent.2448
srwxr-xr-x    1 bmike1   bmike1          0 2006-02-17 16:47 /tmp/ssh-aJsV2448/
agent.2448
bmike1@0[bmike1]$ ls -l /tmp/ssh-*/agent*
srwxr-xr-x    1 bmike1   bmike1          0 2006-02-17 16:47 /tmp/ssh-aJsV2448/
agent.2448
bmike1@0[bmike1]$

>     Checking `sshd' ... /usr/bin/strings: Warning: `/' is not an ordinary file
>     not infected

>     Checking 'lkm' ... You have      4 process hidden for ps command
>     Warning: Possible LKM Trojan installed