Internet Security: Hacker Targets

TARGETED SYSTEM BINARIES AND DIRECTORIES

If you think your site has been invaded by an intruder, check these system binaries for inconsistencies:

• /bin/login


• /bin/ls


• /usr/etc/in.telnetd


• /usr/sbin/ifconfig


• /usr/etc/in.ftpd


• /bin/df


• /usr/etc/in.tftpd


• /usr/lib/libc.a


• /usr/ucb/netstat


• /usr/ucb/cc


• /bin/ps

• /.rhosts


• /etc/hosts.equiv


• /bin/.rhosts


• /etc/passwd


• /etc/group


• /var/yp/*(nis maps)


• root environment files (.login, .cshrc, .profile, .forward)
 

• /tmp


• /var/tmp


• /etc/tmp


• /usr/spool


• usr/lib/cron