Security Basics mailing list archives
Re: redhat audit
From: "Douglas K. Fischer" <fischerdk () purefm net>
Date: Tue, 17 Jun 2003 09:06:21 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 05:01 PM 6/16/2003, Matthew Sallee wrote:
recently my redhat box was compromised and i'm auditing changes that were made (i didn't notice for several days). i've been trying to create a command that will allow me view all the files modified in the last x number of days. i've tried piping ls to grep with minimal success. any help is greatly appreciated...
A. 'find' is your friend B. Timestamps can be easily faked to hide activity, so I wouldn't put too much reliance on them to determine what has changed. You're better off using MD5 checksums (running Tripwire by any chance?). Best bet though is to reinstall RH and restore your files from a known good backup. Good luck, Doug -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPu8STZ938qfSpraDEQL9kwCgw2Q3ADT1EPsGYFkCkj9iUZETgtMAoIVm am3dTiuKxEiYchGBJBhn0Dlj =hcaa -----END PGP SIGNATURE----- ------------------------------------------------------------ This email, and any included attachments, have been checked by Norton AntiVirus Corporate Edition (Version 8.0), AVG Server Edition 6.0, and Merak Email Server Integrated Antivirus (Alwil Software's aVast! engine) and is certified Virus Free. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- redhat audit Matthew Sallee (Jun 16)
- Re: redhat audit Benjamin A. Okopnik (Jun 17)
- Re: redhat audit Florian Streck (Jun 17)
- Re: redhat audit Rick Hale (Jun 17)
- Re: redhat audit Tim Greer (Jun 17)
- Re: redhat audit Devdas Bhagat (Jun 17)
- RE: redhat audit Shane Lahey (Jun 17)
- Re: redhat audit Steve Frank (Jun 17)
- Re: redhat audit Mike Pettinicchio (Jun 17)
- Re: redhat audit exon (Jun 17)
- Re: redhat audit Douglas K. Fischer (Jun 17)
- Re: redhat audit Ulrich Keil (Jun 17)
- Re: redhat audit Luigi R. F. McMinn (Jun 17)
- Re: redhat audit Jan De Luyck (Jun 17)
- Re: redhat audit Pierre BETOUIN (Jun 17)
- Re: redhat audit Mark Ng (Jun 17)
- Re: redhat audit Volker Kindermann (Jun 17)
- <Possible follow-ups>
- RE: redhat audit Duane Beck (Jun 17)
- Re: redhat audit Tace (Jun 17)
- RE: redhat audit Klotz, Brian (Jun 17)
- Re: redhat audit Andrew Pretzl (Jun 17)
(Thread continues...)