viewing logs

[kamtono]

what is ttymon

(from the manual i read : STREAMS-based TTY port monitor. Its function is to monitor ports, to set terminal modes, baud rates, and line disciplines for the ports, to identify and authenticate users, if required, and to connect users or applications to services associated with the ports. -- http://uw713doc.sco.com/en/man/html.1M/ttymon.1M.html)

is it dangerous, cause someone that i didn't know is exexcute that command

-------------------------

when i do "ps -ax" (root) i saw that have been any other guy is coming but when i do "w or who" but nothing give some clue who is it, and also do "last -a" to print who lately coming, but nothing i found

is it any method that someone could wipe the footprint ?

--------------------------

is it any basic terms that i have to do (some basic administering to hardening the linux box)

thanks for your concerned

[dessie]

well Kamtono

why don't u try reviewing ur logs: cat /var/log/messages, just to find out if the system has logged some intrusion.

u can also review the number of xinetd/inetd running services n check ur opened ports in the /etc/inetd.conf file. U can also try using iptables or ipchains to set a firewall on ur box. Implement an intruder detection system like PortSentry on box.

be smart make sure u are aware of the portson which the intrusion is made.

use this resource -www.yolinux.com, locate Linux Internet Security on the page and read about more ......

the best is in the penguin
so chill n get the man down !