<PARODY>
"You cracked Marc's Linux Box..."
"You bastards!"
</PARODY>
-Larry
-----Original Message-----
From: Marc Evans [SMTP:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 7:20 AM
To: [EMAIL PROTECTED]
Subject: undelete files still open by a running process
Hi -
I have a Linux system that was root compromised very recently. The
person
that did this when trying to clean up overlooked telling syslogd and
httpd
to close/reopen the log files they had deleted (i.e.
/var/log/messages). I
can see the information about these files through the use of lsof,
but now
am puzzled with what is the best way to recapture that information?
Does anyone know of an undelete mechanism that may be usable in this
case?
Thanks in advance - Marc
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
