Related to root login

[Swapana Ghosh]

Hi

Thanks a lot for all of your answers ...

>>There's a good possibility that while using telnet
instead of ssh that
>>your root password has been sniffed and the box has
been compromised.
>>You may want to consider using an intrusion
detection system such as
>>Tripwire to be able to monitor file changes, and
never ever use telnet
>>anywhere except on a protected lan. Do you have any
way of verifying the
>>system integrity now?


This is not our sever.. It is one of our clinet's...We
have asked several
times but he will use *telnet*...

I have nothing to verify - but just came to know that
from the client's side somebody
was trying to change the /etc/passwd file and after
that it started behaving like 
this...I myself is not too experienced in the Sysadmin
area...so need help..

If you all can advice me what to check and where, it
will be helpful... I am already
compamring though with the files like sudo, su with
our existing server , which
has same type of configuration....

Thanks again.
-Swapna



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com