Re: [expert] is it possible for cracker to cover his track?

2003-11-08 Thread Dave Seff
Be very careful. Many people miss this bit of info: Check for installed RSA/DSA keys in any ssh accounts. Just because you change passwords doesn't mean you're safe. He/She may have a stray account that, if an RSA/DSA key was installed, would give access without password needed. -Dave On Fri,

Re: [expert] is it possible for cracker to cover his track?

2003-10-24 Thread James Sparenberg
On Thu, 2003-10-23 at 22:02, Fajar Priyanto wrote: On Friday 24 October 2003 11:11 am, Jack Coates wrote: define good; there's not a lot of ways that don't involve hard feelings. Assuming that telling him it didn't work out and walking him

[expert] is it possible for cracker to cover his track?

2003-10-23 Thread Fajar Priyanto
Dear all, Is it possible to erase activities in the bash_history file without being known? And also in wtmp? How is it possible? Thanks -- Fajar http://linux.arinet.org Linux mdk91.sistek.kom 2.4.21-0.13mdk GNU/Linux 14:18:02 up 6:31, 11 users,

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread KevinO
Fajar Priyanto wrote: Dear all, Is it possible to erase activities in the bash_history file without being known? Sure: $ history -c $ vi ~/.bash_history And also in wtmp? Yes, just chmod the file(s) to make it writeable and modify it with an

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Ricardo (Tru64 User)
Installing chkrootkit might be able to tell you when wtmp has something deleted in it. I am saying might because there might be another way to cover that too. _Thanks Richard --- Fajar Priyanto [EMAIL PROTECTED] wrote: Dear all, Is it possible

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Jack Coates
.bash_history is cake; just kill -9 your own session instead of using logout or exit. wtmp is harder, that'll involve editing the logfiles. BTW, ssh has its own access log so check that one too for inconsistencies with wtmp. On Thu, 2003-10-23 at 00:20, Fajar Priyanto wrote:

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Jack Coates
all of those will update the atime though, leading to getting caught. You need something sneakier to do it right :-/ Phrack and 2600 are full of nice little howtos for this sort of thing, some of which are intensely technical. On Thu, 2003-10-23 at 01:06, KevinO wrote:

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Jack Coates
tripwire would be even better, but the best thing of all is a modified version of Mandrake's own secure scripts setup (which is copied from Debian). This is the script that sends you nightly emails about differences in network ports, packages, &c.? Well, make a copy that runs every five or ten

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Fajar Priyanto
On Thursday 23 October 2003 09:48 pm, Jack Coates wrote: .bash_history is cake; just kill -9 your own session instead of using logout or exit. wtmp is harder, that'll involve editing the logfiles. BTW, ssh has its own access log so check that one

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread James Sparenberg
On Thu, 2003-10-23 at 17:58, Fajar Priyanto wrote: On Thursday 23 October 2003 09:48 pm, Jack Coates wrote: .bash_history is cake; just kill -9 your own session instead of using logout or exit. wtmp is harder, that'll involve editing the

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread lorne
On Thursday 23 October 2003 05:58 pm, Fajar Priyanto wrote: On Thursday 23 October 2003 09:48 pm, Jack Coates wrote: .bash_history is cake; just kill -9 your own session instead of using logout or exit. wtmp is harder, that'll involve editing

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Jack Coates
On Thu, 2003-10-23 at 17:58, Fajar Priyanto wrote: On Thursday 23 October 2003 09:48 pm, Jack Coates wrote: .bash_history is cake; just kill -9 your own session instead of using logout or exit. wtmp is harder, that'll involve editing the

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread J.C. Woods
Fajar Priyanto wrote: On Thursday 23 October 2003 09:48 pm, Jack Coates wrote: .bash_history is cake; just kill -9 your own session instead of using logout or exit. wtmp is harder, that'll involve editing the logfiles. BTW, ssh has its own access

Re: [expert] is it possible for cracker to cover his track?

2003-10-23 Thread Fajar Priyanto
On Friday 24 October 2003 11:11 am, Jack Coates wrote: define good; there's not a lot of ways that don't involve hard feelings. Assuming that telling him it didn't work out and walking him to the door isn't a possibility, your options are all