Intrusion Detection - I need help

I've noticed some odd behavior on my server in the last week or so. Crashing, processes hanging, etc. I am trying to determine if my system has been compromised. I am the only user on the dedicated cPanel server. There is a root account, and 1 restricted user account that I use for my website. There is 1 other account that I use as login to the box, and it is a member of the wheel group. Root access to SSH is disabled, and a non-standard port is used. I have installed APF, BFD, and LES.

My main question is about LES. This page (http://www.linux.com/howtos/Security...ntrusion.shtml) suggests that I run the command:

PHP Code:
/usr/bin/lsattr `echo $PATH | tr ':' ' '` | grep i-- 
The page states that if you get any results, you should worry big. I am getting the following results, but wonder if LES made these changes.

root@host [/]# /usr/bin/lsattr `echo $PATH | tr ':' ' '` | grep i--
/usr/bin/lsattr: No such file or directory while trying to stat /usr/local/jdk/bin
/usr/bin/lsattr: No such file or directory while trying to stat /usr/local/jdk/bin
----i-------- /usr/kerberos/bin/afslog
----i-------- /usr/kerberos/bin/kstring2key
----i-------- /usr/kerberos/bin/pagsh
----i-------- /usr/bin/eu-elflint
----i-------- /usr/bin/eu-readelf
----i-------- /usr/bin/eu-nm
----i-------- /usr/bin/eu-strip
----i-------- /usr/bin/eu-size
----i-------- /usr/bin/chage
----i-------- /usr/bin/faillog
----i-------- /usr/bin/gpasswd
----i-------- /usr/bin/lastlog
----i-------- /usr/bin/sg
----i-------- /usr/bin/find
----i-------- /usr/bin/xargs
----i-------- /usr/bin/newgrp
----i-------- /usr/bin/rpm2cpio
----i-------- /usr/bin/gendiff
----i-------- /usr/bin/rpmdb
----i-------- /usr/bin/rpmquery
----i-------- /usr/bin/rpmsign
----i-------- /usr/bin/rpmverify
----i-------- /usr/bin/addr2line
----i-------- /usr/bin/ar
----i-------- /usr/bin/as
----i-------- /usr/bin/gprof
----i-------- /usr/bin/ld
----i-------- /usr/bin/nm
----i-------- /usr/bin/objcopy
----i-------- /usr/bin/objdump
----i-------- /usr/bin/ranlib
----i-------- /usr/bin/readelf
----i-------- /usr/bin/size
----i-------- /usr/bin/strings
----i-------- /usr/bin/strip
----i-------- /usr/bin/cmp
----i-------- /usr/bin/diff
----i-------- /usr/bin/diff3
----i-------- /usr/bin/sdiff
----i-------- /usr/bin/dig
----i-------- /usr/bin/host
----i-------- /usr/bin/nslookup
----i-------- /usr/bin/nsupdate
----i-------- /usr/bin/mail-files
----i-------- /usr/bin/mailshar
----i-------- /usr/bin/remsync
----i-------- /usr/bin/shar
----i-------- /usr/bin/unshar
----i-------- /usr/bin/uudecode
----i-------- /usr/bin/uuencode
----i-------- /usr/bin/berkeley_db_svc
----i-------- /usr/bin/db_checkpoint
----i-------- /usr/bin/db_archive
----i-------- /usr/bin/db_deadlock
----i-------- /usr/bin/db_dump
----i-------- /usr/bin/db_dump185
----i-------- /usr/bin/db_load
----i-------- /usr/bin/db_printlog
----i-------- /usr/bin/db_recover
----i-------- /usr/bin/db_stat
----i-------- /usr/bin/db_upgrade
----i-------- /usr/bin/db_verify
----i-------- /usr/bin/memusagestat
----i-------- /usr/bin/combinediff
----i-------- /usr/bin/dehtmldiff
----i-------- /usr/bin/editdiff
----i-------- /usr/bin/espdiff
----i-------- /usr/bin/filterdiff
----i-------- /usr/bin/fixcvsdiff
----i-------- /usr/bin/flipdiff
----i-------- /usr/bin/grepdiff
----i-------- /usr/bin/interdiff
----i-------- /usr/bin/lsdiff
----i-------- /usr/bin/recountdiff
----i-------- /usr/bin/rediff
----i-------- /usr/bin/splitdiff
----i-------- /usr/bin/unwrapdiff
----i-------- /usr/bin/memusage
----i-------- /usr/bin/pcprofiledump
----i-------- /usr/bin/mtrace
----i-------- /usr/bin/xtrace
----i-------- /bin/tracepath
----i-------- /bin/ping
----i-------- /bin/ping6
----i-------- /bin/tracepath6
----i-------- /bin/traceroute6
----i-------- /bin/doexec
----i-------- /bin/ipcalc
----i-------- /bin/usleep
----i-------- /bin/rpm
----i-------- /usr/sbin/pwunconv
----i-------- /usr/sbin/pwck
----i-------- /usr/sbin/arping
----i-------- /usr/sbin/clockdiff
----i-------- /usr/sbin/ping6
----i-------- /usr/sbin/tracepath
----i-------- /usr/sbin/tracepath6
----i-------- /usr/sbin/traceroute6
----i-------- /usr/sbin/adduser
----i-------- /usr/sbin/chpasswd
----i-------- /usr/sbin/groupadd
----i-------- /usr/sbin/groupdel
----i-------- /usr/sbin/groupmod
----i-------- /usr/sbin/grpck
----i-------- /usr/sbin/grpconv
----i-------- /usr/sbin/grpunconv
----i-------- /usr/sbin/newusers
----i-------- /usr/sbin/pwconv
----i-------- /usr/sbin/useradd
----i-------- /usr/sbin/userdel
----i-------- /usr/sbin/usermod
----i-------- /usr/sbin/sys-unconfig
----i-------- /usr/sbin/usernetctl
----i-------- /sbin/arping
----i-------- /sbin/ifenslave
----i-------- /sbin/rdisc
----i-------- /sbin/insmod_ksymoops_clean
----i-------- /sbin/depmod
----i-------- /sbin/genksyms
----i-------- /sbin/insmod
----i-------- /sbin/insmod.static
----i-------- /sbin/kernelversion
----i-------- /sbin/kallsyms
----i-------- /sbin/modprobe
/usr/bin/lsattr: No such file or directory While reading flags on /usr/X11R6/bin/gccmakedep
----i-------- /sbin/ksyms
----i-------- /sbin/lsmod
----i-------- /sbin/modinfo
----i-------- /sbin/rmmod
/usr/bin/lsattr: No such file or directory While reading flags on /usr/X11R6/bin/xft-config
----i-------- /sbin/installkernel
----i-------- /sbin/grubby
----i-------- /sbin/new-kernel-pkg
----i-------- /sbin/mkinitrd
----i-------- /sbin/nash
----i-------- /sbin/mkkerneldoth
----i-------- /sbin/consoletype
----i-------- /sbin/genhostid
----i-------- /sbin/getkey
----i-------- /sbin/ifdown
----i-------- /sbin/ifup
----i-------- /sbin/initlog
----i-------- /sbin/minilogd
----i-------- /sbin/redhat-support-check
----i-------- /sbin/netreport
----i-------- /sbin/ppp-watch
----i-------- /sbin/setsysfont
----i-------- /sbin/service
----i-------- /sbin/jfs_debugfs
----i-------- /sbin/jfs_fscklog
/usr/bin/lsattr: No such file or directory While reading flags on /usr/X11R6/bin/gccmakedep
----i-------- /sbin/jfs_logdump
----i-------- /sbin/jfs_tune
----i-------- /sbin/mkfs.jfs
----i-------- /sbin/jfs_mkfs
/usr/bin/lsattr: No such file or directory While reading flags on /usr/X11R6/bin/xft-config
----i-------- /sbin/jfs_fsck
/usr/bin/lsattr: No such file or directory while trying to stat /home/swmadmin/bin
----i-------- /sbin/fsck.jfs
/usr/bin/lsattr: No such file or directory While reading flags on /usr/X11R6/bin/gccmakedep
/usr/bin/lsattr: No such file or directory While reading flags on /usr/X11R6/bin/xft-config

I run chkrootkit and rkhunter every day. They do not discover anything. Can anyone help? Am I screwed?

Thank you
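
Added example, not part of the original post: a field-based reading of `lsattr` output. `grep i--` also matches file names that contain `i--` and misses entries where `i` is followed by another flag (for example `ia`), and passing every `$PATH` entry unchecked produces the "No such file or directory" noise seen above. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of lsattr output (not taken from a real host).
SAMPLE='/usr/bin/lsattr: No such file or directory while trying to stat /usr/local/jdk/bin
----i-------- /usr/bin/find
------------- /usr/bin/gzip
----ia------- /sbin/insmod
------------- /usr/bin/wiki--tool
----i-------- /sbin/modprobe'

# existing_path_dirs PATHSTRING: split a PATH-style string, drop empty and
# duplicate entries, and keep only directories that exist.
existing_path_dirs() {
    printf '%s\n' "$1" | tr ':' '\n' | awk 'NF && !seen[$0]++' |
    while IFS= read -r d; do
        if [ -d "$d" ]; then printf '%s\n' "$d"; fi
    done
}

# immutable_paths: read lsattr output on stdin and print the path of every
# entry whose attribute field (first column) contains the immutable flag "i".
immutable_paths() {
    awk '
        $1 !~ /^[-A-Za-z]+$/ { next }    # skip lsattr error lines
        index($1, "i") { sub(/^[^ ]+ +/, ""); print }
    '
}

# count_by_dir: summarise immutable files per directory, to show whether the
# flag covers whole directories or only a few scattered binaries.
count_by_dir() {
    immutable_paths |
    awk '{ sub("/[^/]*$", ""); n[$0]++ } END { for (d in n) print n[d], d }' |
    sort -k2
}

# verify_owned: for each path on stdin, check the owning RPM package against
# the RPM database (does nothing where rpm is not installed).
verify_owned() {
    command -v rpm >/dev/null 2>&1 || return 0
    while IFS= read -r p; do rpm -Vf "$p" 2>&1; done | sort -u
}

# Live use on a host (run as root):
#   existing_path_dirs "$PATH" | xargs lsattr 2>/dev/null | immutable_paths | verify_owned
```

On the sample, `immutable_paths` reports `/sbin/insmod` (flags `ia`) and ignores `/usr/bin/wiki--tool`, the two cases where `grep i--` gives the wrong answer.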
