Files modified by intruders
See http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl

• Client programs
  • du, ls, ps, su
  • ifconfig, netstat, ping, telnet
• Server programs
  • in.rlogind, in.rshd, in.telnetd
  • inetd, lockd, statd
  • rpc.ttdbserverd, sshd, login
• Configuration files
  • /etc/hosts.equiv, /.rhosts, and /usr/bin/.rhosts
  • /etc/hosts.allow and /etc/hosts.deny
  • /etc/inet/inetd.conf
  • /etc/passwd and /etc/shadow (e.g., chmod 666)