Last week, in June 2017, Wikileaks released more “Vault 7” documents detailing an exploit of Redhat Enterprise 6 and derivatives (CentOS 6). The exploits loads the Netfilter module into the kernel and then creates hidden iptables rules that perform network traffic redirection. The redirection is based upon DNAT (Destination Network Address Translation) rules. Wikileaks posted the OutlawCountry User Manual here.
To determine if you may have been hacked, checked for the presence of the file: nf_table_6_g4.ko. To determine if you have the kernel modle loaded, use the command: “lsmod | grep nf_table”. The hack is effective against the default kernel version, 2.6.32. Your kernel version can be checked with the “uname -r” command.
Redhat has an informative advisory here.