Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Deletion of all files owned by specific owner

From: "Dante Mercurio" <Dante () webcti com>
Date: Mon, 15 Nov 2004 09:15:29 -0500
I assume you have checked your log files and/or are not logging
pertinent information.

Perhaps a utility like this was run:
http://www.beyondlogic.org/solutions/delbyowner/delbyowner.htm

M. Dante Mercurio, CISSP, CWNA, Security+
Consulting Group Manager
Continental Technologies, Inc.
"We Connect and Protect Your Network"

10540 York Road, Hunt Valley MD  20131
11 East Front Street, Shiremanstown PA  17011

dante () webcti com
1-800-606-6060
410-666-3307 (Fax)
443-677-5192 (Cell)
www.webcti.com



-----Original Message-----
From: D Hull [mailto:dbhull1 () hotmail com] 
Sent: Friday, November 12, 2004 1:43 AM
To: security-basics () securityfocus com
Subject: Deletion of all files owned by specific owner




This evening, all of the files owned by a specific user were removed
from a server, including the user's home directory and files owned on an
NFS mounted partition.

I did not have any baselines in place to help troubleshoot this problem
so I am starting from scratch and don't have much to go on. I realize I
am in a bad spot. I am able to recover the data. I need to be able to
determine what happened though - as best as possible under the
circumstances. Any suggestions would be greatly appreciated.
Previous By Date Next
Previous By Thread Next

Current thread: