On Wed, 2003-03-26 at 22:55, Gerald Waugh wrote: > > ... having got root access for that... with ptrace exploit maybe? > > try to match `last' output with the modification times of the files. > > > The hard drive is on a Linux PC, is there some file i can look at. > I looked at most of the log files didn't see anything obvious.
last -f /your/mount/point/var/log/wtmp > I am begining to wonder if it wasn't the server admin that did it. Maybe... Does not look like an intrusion attempt. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
