--- technomage wrote: > ok, > as a safety measure when I first found an intruder on my system some weeks > back, I changed all passwords, ran chattr +ui on some specified directories Hmm.... the fact that you had an intruder is not a good sign. Even though you changed the passwords, etc, there may have already been someting in place that passed that info back to the intruder. Any idea on how long the intruder had access to your system? Personally, I would cut my loses - print (yes print) any config files that you want to re-implement, wipe the box and re-install from scratch. Or if you have the disk to spare, rebuild the system on a new disk. Once done, mount up the old disk - dont run anything from it - and give it a thorough going over - see if you can figure out what was done to compromise the system. __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com