Security Basics mailing list archives
AW: Deletion of all files owned by specific owner
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 15 Nov 2004 09:46:17 +0100
It sounds like someone executed the followoing command: user@host~:# find -uid `id -u` -exec rm -f {} \; Check the ~/.bash_history for the user, if you have and kind of process accounting or auditing this could help you. Otherwise, check /var/log/messages, or /var/adm/messages or whereever your logs are to see if the command produced any errors that might have been logged. other than that, you are probably in the cold without a jacket. Cheers, Chris
-----Ursprüngliche Nachricht----- Von: D Hull [mailto:dbhull1 () hotmail com] Gesendet: Freitag, 12. November 2004 07:43 An: security-basics () securityfocus com Betreff: Deletion of all files owned by specific owner This evening, all of the files owned by a specific user were removed from a server, including the user's home directory and files owned on an NFS mounted partition. I did not have any baselines in place to help troubleshoot this problem so I am starting from scratch and don't have much to go on. I realize I am in a bad spot. I am able to recover the data. I need to be able to determine what happened though - as best as possible under the circumstances. Any suggestions would be greatly appreciated.
Current thread:
- AW: Deletion of all files owned by specific owner Meidinger Chris (Nov 15)