Security Incidents mailing list archives

Re: info

From: "Joe T." <auximini () yahoo com>
Date: Fri, 3 May 2002 18:05:19 -0700 (PDT)

If your attacker was sloppy, you may find useful
information in the users history file, .bash_history,
especially those users with uid 0.


oh! yes, i forgot all about the history!
one of the files shows some really interesting information..
unfortunately, either the history size was set too short, or they cleared this part: it
doesnt show anything about removing the /var/log directory or tripwire.

There is a lot of other information to process though..

thanks for the reminder  =)

=====
----(Joe Topjian)---------
web:   http://terrarum.net
email: auximini () yahoo com
--------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

info Joe T. (May 03)
- RE: info Loki (May 03)
  - RE: info Joe T. (May 06)
- Re: info W.G. Iyer (May 06)
  - Re: info Joe T. (May 06)
    - Re: info Jose Nazario (May 06)
- Re: info Michel Arboi (May 06)
- <Possible follow-ups>
- RE: info dlaumann (May 06)
  - RE: info Head of the Councel of Wizards (May 07)