Help me analysis what did hacker do?
Hermantino.SINGODIWIRJO at supinfo.com
Thu Jul 17 01:48:05 PDT 2003
> In / directory I find out a .bash_history file.
What a strange "cracker" who leaves behind him a .bash_history in / ??? did you mean ~/
Moreover It is a good Idea if this "cracker" got root to backup the original ~/.bash_history first to restore it afterwards. Don't forget also that the backup process will change the date of the file, so it is also a good idea to restore the old time flag on your retored file :)
cp ~/.bash_history ~/.bash_history_back
ls -l ~/.bash_history
-rw------- 1 xxx xxx 1185 jui 16 20:42 /home/xxx/.bash_history
[do what you want]
cp ~/.bash_history_back ~/.bash_history && rm ~/.bash_history_back
touch -t 07162042 ~/.bash_history
This would restore the original time flag of the file, but take care of the last command (the backup process) that you left behind you after backuping the file. Enventually clear the entry by hand before the 'touch'.
Finally it is also handy to clear the log files >
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security