Hi -
I have a Linux system that was root compromised very recently. The person
that did this when trying to clean up overlooked telling syslogd and httpd
to close/reopen the log files they had deleted (i.e. /var/log/messages). I
can see the information about these files through the use of lsof, but now
am puzzled with what is the best way to recapture that information?
Does anyone know of an undelete mechanism that may be usable in this case?
Thanks in advance - Marc
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
