neat little tip...

[mad_hatter]

I was reading Marcel Gagne's book called 'Linux System Administration' and whilst reading his chapter on security techniques, I came across an interesting thing he mentioned. He was discussing various ways to tell if one's system had been cracked. The one that really got my attention was the part whereby an attacker puts a file in a user's home directory named '.. '. That is two periods followed by a space! I checked it out, and thought to myself, 'The clever, nasty, little bugger!' The first period hides the directory from normal view on a typical 'ls -l' command and even when one uses the 'ls -la' command to show all hidden files, the '.. ' directory shows itself to be an innocuous, little directory just like the normal '..' thing one always sees in a listing. It's very easy to miss if one isn't paying attention.

Just thought I'd throw that idea out. I tried it on my linux system, and found that, yes, indeed, one can really hide a file like that! Checking it out from the command line via a 'ls -a' command, the partial list looks something like
./
../
.. /
a_file/

and so on. Note the space in the third entry!

Cheers.

[jasonlambert]

there are a lot of tricks that are often used.

A very good piece of software is www.chkrootkit.org which can look for various known pieces of "malicious" software that would indicate your system had been rooted.

Jason