|
Security Incidents
mailing list archives
Re: info
From: "Joe T." <auximini () yahoo com>
Date: Fri, 3 May 2002 18:05:19 -0700 (PDT)
If your attacker was sloppy, you may find useful
information in the users history file, .bash_history,
especially those users with uid 0.
oh! yes, i forgot all about the history!
one of the files shows some really interesting information..
unfortunately, either the history size was set too short, or they cleared this part: it
doesnt show anything about removing the /var/log directory or tripwire.
There is a lot of other information to process though..
thanks for the reminder =)
=====
----(Joe Topjian)---------
web: http://terrarum.net
email: auximini () yahoo com
--------------------------
__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- info Joe T. (May 03)
- <Possible follow-ups>
- RE: info dlaumann (May 06)
- RE: info Head of the Councel of Wizards (May 07)
|
Intro
