"H.J.Bathoorn" wrote:

> >
> > Anyhow here is an excerpt from /var/log/syslog from boot time to shutdown
> > time on May 20. I also include /etc/crontab and a listing of the /etc/cron*
> > directories in case they are relevant. Reminder: I am running LM 7.2.
> 
> I asked because a reboot would be shown in syslog but yours doesn't so you
> probably didn't. You knew that, right?:o)
> 
> Strange though that there isn't anything at all being logged around 16.45.
> 
> What did catch my eye was the comment at 16.20.12 with the EXT2 warning.
> A partition or filesystem is being mounted (and not for the first time) but
> ps doesn't show anything around that time.
> 
> As you stated you have been cracked before, one might think you still are or
> have some remnants still in your system.
> 
> I'm no expert on cracking but it would seem to be my first priority (after
> breaking in) as a cracker, to cover up my presence by generating phony system
> and log files.
> 
> Maybe somebody else has some pointers on that.
> 
> good luck,
> 
> Harm.

I can't address the rest but I do know some stuff about cracking *don't
ask, and if you must ask do so pvtly*.  I know that the first utils a
cracker will replace/redo/delete/alter are:

ps/ls/time/cp/rm

Those are fairly standard, and yes, generating phony logs isn't hard.
Rootkits are widely available to do so with.  Need proof, I'll get you
URLs pvtly.

If you want some decent info on this subject with a very legal bent, try
www.sec33.com.
-- 
Femme

Good Decisions Your Boss Made:

"We'll do as you suggest and go with Linux.  I've always liked that
character from Peanuts."

- Source: Dilbert
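
A defender's check for the kind of tampering described in the message above, as an added example that is not part of the original thread: it compares SHA-256 digests of the utilities named there (ps, ls, time, cp, rm) against a manifest recorded while the system was known good. The function names, the manifest format and the `/bin` paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed manifest format, one
# entry per line: <sha256 hex><two spaces><absolute path>

# make_baseline ROOT PATH... : print a manifest for the given files under ROOT.
# Run it while the system is known good; store the result off the machine.
make_baseline() {
    root=$1; shift
    for p in "$@"; do
        h=$(sha256sum "$root$p" | cut -d' ' -f1)
        [ -n "$h" ] || return 1
        printf '%s  %s\n' "$h" "$p"
    done
}

# check_baseline MANIFEST [ROOT] : report files that are missing or whose
# digest differs. ROOT is an optional prefix such as the mount point of the
# suspect disk when working from rescue media. Returns 0 only if all match.
check_baseline() {
    manifest=$1; root=${2:-}; status=0
    while read -r want path; do
        case $want in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ ! -f "$root$path" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        got=$(sha256sum "$root$path" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MODIFIED $path"; status=1
        fi
    done < "$manifest"
    return $status
}

# Constructed demo: stand-in files under a temp directory, not real binaries.
demo=$(mktemp -d)
mkdir -p "$demo/bin"
for u in ps ls time cp rm; do printf 'original %s\n' "$u" > "$demo/bin/$u"; done
make_baseline "$demo" /bin/ps /bin/ls /bin/time /bin/cp /bin/rm > "$demo/manifest"
printf 'replaced\n' > "$demo/bin/ps"      # simulate one swapped utility
check_baseline "$demo/manifest" "$demo" || echo "baseline mismatch"
rm -rf "$demo"
```

Run the check from rescue media with a trusted `sha256sum` and the suspect disk mounted as ROOT, since a system whose ps or ls has been replaced cannot be relied on to report on itself.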

