Heyaz. So...if you broke into a system, left yourself
a backdoor, and wanted to cover your traces, what files would
would you affect doing so? There are some obvious ones, so
I wanted to start there and develop a thorough list. Thinking
out loud, for my Deb potato, I'd affect:
/etc/passwd
/etc/shadow
/etc/profile
anything listed in /etc/shells
/etc/inetd.conf
/etc/hosts.allow
/bin/ps
/usr/bin/who
/usr/bin/which
/usr/sbin/sshd
/usr/sbin/telnetd
/usr/sbin/inetd
/usr/sbin/tcpd
/sbin/ipchains
/sbin/ipmasqadm
What else leaps to mind? Anything above unneeded IYO?
Thanks!
-Scott
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
