User acct logs?
Ace69
09-05-2001, 07:40 PM
I am using Red Hat 7.1. How do I see what accts were added at what times? The reason that I ask is because I just saw a user on my PC which I have no idea how it got there! It scares me because my system may have been compromised.
Ace69
09-05-2001, 07:57 PM
Sorry. I found a file that helped me out. It is /var/log/messages. It shows they added 2 users and a group! They made one user a shell of /var/lib/rpm. I did not do this!
Is there any way that I can catch this person? The only way that they could have come in was through my server/router. I have iptables on that, but I guess it wasn't enough. I don't have a firewall on this machine.
Craig McPherson
09-05-2001, 10:51 PM
What are the names of these users? They're most likely just system accounts that were added while installing some software. If they're human names, you need to immediately back up the data, nuke your entire hard drive, and install from scratch, but if they're system-sounding names you need to examine where they came from to see if they're legit.
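The check discussed in this thread, as an added example that is not part of any post: it pulls useradd/groupadd events out of syslog text and flags new users whose login shell is not an expected shell, such as the `/var/lib/rpm` case mentioned above. The log lines are constructed, and their field layout and the shell allowlist are assumptions to adjust for the system at hand.

```python
import re

# Constructed sample lines in the style shadow-utils writes to syslog; the
# exact field layout is an assumption and varies between versions.
SAMPLE_LOG = """\
Sep  5 18:02:11 host1 groupadd[2290]: new group: name=alpha, gid=501
Sep  5 18:02:11 host1 useradd[2291]: new user: name=alpha, uid=501, gid=501, home=/home/alpha, shell=/bin/bash
Sep  5 18:03:40 host1 useradd[2304]: new user: name=beta, uid=502, gid=501, home=/tmp, shell=/var/lib/rpm
Sep  5 18:05:02 host1 crond[2310]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Assumed allowlist; on a real host build it from /etc/shells plus the
# no-login shells your system accounts use.
ACCEPTED_SHELLS = {"/bin/sh", "/bin/bash", "/sbin/nologin", "/bin/false"}

EVENT_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+(?:useradd|groupadd)\[\d+\]:\s+"
    r"new (?P<kind>user|group):\s+(?P<fields>.*)$"
)


def parse_account_events(log_text):
    """Return one dict per 'new user' / 'new group' line, in log order."""
    events = []
    for line in log_text.splitlines():
        match = EVENT_RE.match(line)
        if not match:
            continue  # unrelated syslog traffic
        fields = {}
        for part in match.group("fields").split(","):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.lower()] = value  # tolerate uid= and UID=
        events.append({"when": match.group("when"),
                       "kind": match.group("kind"), **fields})
    return events


def flag_odd_shells(events, accepted_shells=ACCEPTED_SHELLS):
    """Users whose shell is missing or not an accepted shell deserve a look."""
    return [e for e in events
            if e["kind"] == "user" and e.get("shell") not in accepted_shells]


if __name__ == "__main__":
    for event in flag_odd_shells(parse_account_events(SAMPLE_LOG)):
        print(f'{event["when"]}  {event["name"]}  shell={event.get("shell")}')
```

To run it against a real log, pass the contents of `/var/log/messages` to `parse_account_events` in place of `SAMPLE_LOG`.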