Anonymous Reader writes "Jay Beale (from Bastille Linux) answers the questions "How can I determine if my Linux server has been hacked? How can I be sure that I haven't been hacked?" He starts out by saying
Being hacked is a lot like being haunted--odd things are afoot that you may or may not notice. Of course he talks about Tripwire, but he also talks about how Tripwire gets defeated by kernel level rootkits and how you can detect or defeat those. He even uses NMAP as an intrusion detection tool!"
February 12, 2003