On 4/15/06, Bob Holtzman <holtzm@sonic.net> wrote:
On Fri, 14 Apr 2006, Jason Spatafore wrote:

> 2. Check /etc/passwd and see if there are any accounts which are suspicious.
> Also check to see if there is an account with the UID of "0", other than
> root.

How about an entry like nobody:x:99:99:Nobody:/:/sbin/nologin?


No, nobody is usually used for daemons and such.