Security Incidents mailing list archives
Re: Root password changed
From: "james" <jamesh () cybermesa com>
Date: Mon, 6 Jan 2003 13:48:16 -0700
Check the history files for root and anyone who can su/sudo to root. If someone fat fingered roots account it will show here; if a hack then the history file may not be wiped. james ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Root password changed RCS (Jan 06)
- Re: Root password changed james (Jan 07)
- RE: Root password changed Michael LaSalvia (Jan 07)
- Re: Root password changed Chris Barford (Jan 07)
- Re: Root password changed sysadmin (Jan 07)
- Re: Root password changed Adam Bultman (Jan 07)
- Re: Root password changed Joe Kattner (Jan 07)
- Re: Root password changed Lisa Casey (Jan 07)