Re: FC9 Compromised...
- From: Aldo Foot <lunixer gmail com>
- To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
- Subject: Re: FC9 Compromised...
- Date: Fri, 27 Feb 2009 16:08:31 -0800
On Fri, Feb 27, 2009 at 3:32 PM, Patrick O'Callaghan
<pocallaghan gmail com> wrote:
> On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote:
>> You could try booting with a LiveCD and use find to expose files
>> created recently.
>
> No good. A rootkit could have changed the file creation time.
True. But years ago, while gathering data from a compromised system
I came across an executable named "zap" and the command strings
showed what was supposed to happen to wtmp files and the like. So,
file names alone may be suspicious.
~af
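
The LiveCD `find` idea and the timestamp objection from this exchange, shown as an added example that is not part of the original posts. The function names, the `/mnt/sysimage` mount point and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Triage helpers meant to be run from trusted LiveCD tools against the
# suspect root filesystem mounted read-only (assumed here: /mnt/sysimage).

# Files whose inode change time (ctime) falls within the last DAYS days.
# touch(1) can reset mtime but not ctime. A root-level intruder can still
# forge ctime (clock changes, raw disk writes), so an empty list proves nothing.
recent_changed() {    # usage: recent_changed ROOT DAYS
    find "$1" -xdev -type f -ctime -"$2" -print 2>/dev/null | sort
}

# Files changed recently (ctime) whose mtime claims to be older than DAYS days.
# Backdated files land here, and so do package installs that preserve mtime.
backdated() {         # usage: backdated ROOT DAYS
    find "$1" -xdev -type f -ctime -"$2" -mtime +"$2" -print 2>/dev/null | sort
}

# Owner-executable files whose contents mention the login-record files.
# grep -l is used on the raw file instead of strings(1) to avoid a dependency.
log_tamper_candidates() {   # usage: log_tamper_candidates ROOT
    find "$1" -xdev -type f -perm -100 \
        -exec grep -lE 'wtmp|utmp|lastlog' {} + 2>/dev/null | sort
}

# Build a small constructed sample tree and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin"
    # Harmless placeholder that only mentions the log path in a comment.
    printf '#!/bin/sh\n# placeholder mentioning /var/log/wtmp\n' > "$d/bin/zap"
    printf '#!/bin/sh\necho hello\n' > "$d/bin/hello"
    chmod 755 "$d/bin/zap" "$d/bin/hello"
    printf 'notes about wtmp rotation\n' > "$d/notes.txt"   # not executable
    touch -t 200001010000 "$d/bin/zap"   # backdate mtime; ctime becomes "now"
    printf '%s\n' "$d"
}

# Example against a real mount (assumed path):
#   recent_changed /mnt/sysimage 7
#   backdated /mnt/sysimage 7
#   log_tamper_candidates /mnt/sysimage
```

Legitimate programs such as `last` and `login` reference the same record files, so the last function produces a list to review rather than a verdict.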