> If your attacker was sloppy, you may find useful > information in the users history file, .bash_history, > especially those users with uid 0. oh! yes, i forgot all about the history! one of the files shows some really interesting information.. unfortunately, either the history size was set too short, or they cleared this part: it doesnt show anything about removing the /var/log directory or tripwire. There is a lot of other information to process though.. thanks for the reminder =) ===== ----(Joe Topjian)--------- web: http://terrarum.net email: auximiniat_private -------------------------- __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 11:20:16 PDT