Moe Trin wrote:

>>Also you can do simple checking of your server on known rootkits:
>>please load last version of chkrootkit and rkhunter utilities
>
> I'm not high on either - they are reactive programs that hope to catch
> a glimpse that your box is 0wn3d by some old skript kiddiez magic tool.
>

Agree completely. But the way I explain it to beginners is that rootkit
hunters are trying to prove a negative. If I get a blank look, my second
attempt is to tell them that absence of proof is not proof of absence. I
want something that's short and snappy, as people seem to remember it
better. New people are already floundering around trying to remember
massive amounts of new information, and I don't want to leave them
completely leaning on a tool that's really only somewhat trustworthy.

One other thing I do whenever it's practical is to modify
/etc/ssh/sshd_config:

Protocol 2
PermitRootLogin no
AllowUsers space delimited list

and maybe use:
AllowGroups space delimited list

I suspect you didn't want to give a vi lesson via Usenet, or you'd have
covered the sshd tweak and restart. I *know* you know this stuff.

Now that I think about it, a vi lesson via email really wouldn't be too hard.
I've done it over the phone often enough. If the OP emails me the need,
I'll attempt it. And save the file, if it's successful.

--
Greg Metcalfe
GPG fingerprint: 95B3 2BDD 9152 1E7D A240 37C1 7AE2 9B71 0065 F029
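
Added example, not part of the post above or of the thread: a small Python check that the sshd_config settings listed in the post are the ones sshd will actually use. sshd takes the first value it reads for each keyword, so hardening lines appended below an existing "PermitRootLogin yes" have no effect, and a Match block can turn root login back on for some clients. The sample files, the names alice, bob and sshusers, and the 192.0.2.0/24 range are constructed placeholders.

```python
# Constructed samples; alice, bob, sshusers and 192.0.2.0/24 are placeholders.
SAMPLE_APPENDED = """\
# distro default left near the top of the file
PermitRootLogin yes
# hardening lines appended at the end
Protocol 2
permitrootlogin no
AllowUsers alice bob
"""
SAMPLE_MATCH = """\
Protocol 2
PermitRootLogin no
AllowGroups sshusers
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

def audit(text):
    """Return findings for one sshd_config text (assumed simplification:
    every line after the first Match is treated as conditional)."""
    first, in_match, findings = {}, False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.lower().split()   # keywords are case-insensitive
        if key == "match":
            in_match = True
        elif in_match:
            if key == "permitrootlogin" and args != ["no"]:
                findings.append("Match block sets: " + line)
        else:
            first.setdefault(key, args)     # sshd uses the first value it reads
    root = first.get("permitrootlogin")
    if root != ["no"]:
        findings.insert(0, "global PermitRootLogin is "
                        + (" ".join(root) if root else "unset (version default)"))
    if "allowusers" not in first and "allowgroups" not in first:
        findings.append("no AllowUsers or AllowGroups restriction")
    # Assumption: an absent Protocol line is not flagged.
    if first.get("protocol", ["2"]) != ["2"]:
        findings.append("Protocol is not limited to 2")
    return findings

if __name__ == "__main__":
    for name in ("SAMPLE_APPENDED", "SAMPLE_MATCH"):
        print(name, audit(globals()[name]))
```

On the server itself, running "sshd -t" after the edit checks the file for syntax errors before the restart.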