Security Basics mailing list archives

Re: redhat audit


From: "Benjamin A. Okopnik" <ben () callahans org>
Date: Mon, 16 Jun 2003 20:05:09 -0400

On Mon, Jun 16, 2003 at 03:01:05PM -0600, Matthew Sallee wrote:
> recently my redhat box was compromised and i'm auditing changes that were made
> (i didn't notice for several days).
>
> i've been trying to create a command that will allow me to view all the files
> modified in the last x number of days.
>
> i've tried piping ls to grep with minimal success. any help is greatly
> appreciated...

Take a look at the "find" man page and particularly the
-[amc]{newer,time,min} switches - but don't forget that a file's atime
and mtime are trivially easy to set.


Ben Okopnik
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Sometimes when you set something free, it comes back to you only when
it wants food or money.
 -- SJM
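
The following is an added example, not part of the original post or thread. It applies the find time switches mentioned above to an audit: it lists files by mtime and by ctime and reports files whose inode changed recently while their mtime claims otherwise. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit recently changed files with find's -mtime / -ctime tests.
# mtime (content modification) can be set to any value with touch; ctime
# (inode change) is updated by the kernel whenever content or metadata change,
# including the call that rewrites mtime, so comparing the two is informative.

# recent_by_mtime DIR DAYS: regular files whose mtime is less than DAYS days old
recent_by_mtime() {
    find "$1" -xdev -type f -mtime "-$2" -print
}

# recent_by_ctime DIR DAYS: regular files whose ctime is less than DAYS days old
recent_by_ctime() {
    find "$1" -xdev -type f -ctime "-$2" -print
}

# ctime_only DIR DAYS: files with a recent ctime but an older mtime.
# chmod, chown, rename and package installs also produce this pattern, so
# treat the output as a review list, not as proof of tampering.
ctime_only() {
    dir=$1
    days=$2
    by_m=$(mktemp)
    by_c=$(mktemp)
    recent_by_mtime "$dir" "$days" | sort > "$by_m"
    recent_by_ctime "$dir" "$days" | sort > "$by_c"
    comm -13 "$by_m" "$by_c"    # lines present only in the ctime list
    rm -f "$by_m" "$by_c"
}

# make_demo_tree: constructed sample data; prints the path of a temp directory
# holding one untouched file and one whose mtime was set back to 2001.
make_demo_tree() {
    d=$(mktemp -d)
    echo "new content" > "$d/fresh.txt"
    echo "changed, then timestamp reset" > "$d/backdated.txt"
    touch -t 200101010000 "$d/backdated.txt"
    echo "$d"
}

# Usage: sh audit.sh /etc 7   (the script name is a placeholder)
if [ "$#" -eq 2 ]; then
    ctime_only "$1" "$2"
fi
```

On the sample tree, the mtime search returns only fresh.txt, while ctime_only reports backdated.txt.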
