for redhat, "rpm -Va" checks all rpm-installed files and verifies them. look for the "5" in the status field on things like ls, ps, and netstat. that's a big danger sign.
blatant things that happened to me were my password getting changed on remote machines and local syslog files being blown away. also, tcpdump or snoop showing unusual network activity, or nmap (ideally from another machine) finding unusual ports open.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
no subject
Date: 2005-04-05 09:41 pm (UTC)blatant things that happened to me were my password getting changed on remote machines and local syslog files being blown away. also, tcpdump or snoop showing unusual network activity, or nmap (ideally from another machine) finding unusual ports open.