If they have root they can clean/replace/modify anything. They could even put measures in place to prevent future detection.
Remote realtime logging to a locked box is good. Logging to lpt, for instance, cannot be cleaned without physical access :D

Tom

Please respond to [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
cc:
Subject: [luau] hacking

If I knew the root passwd and have access to a user account on a box, can I successfully clean my trail (sulog, messages, etc) with all entrances and activities I do to the box? If the audit was done only on the box level, not pix logs or anything else. Is there something that may log this that cannot be cleaned? I remember seeing this on the list before but can't remember what date it was. Just wondering.
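
An added example, not part of the original thread, of how an auditor can use the remote copy Tom describes: compare the on-box log with what the locked collector received in real time and list the entries that survive only remotely. The hostname, users and log lines are constructed sample data, and diff_logs is a hypothetical helper name.

```python
from collections import Counter

# Constructed sample: what the remote collector received in real time.
REMOTE_COPY = """\
Mar  3 02:14:07 web1 sshd[811]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Mar  3 02:15:31 web1 su: FAILED su for root by alice
Mar  3 02:15:31 web1 su: FAILED su for root by alice
Mar  3 02:15:40 web1 su: (to root) alice on pts/0
Mar  3 03:00:01 web1 cron[902]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed sample: the same log as found on the box during the audit.
LOCAL_LOG = """\
Mar  3 02:14:07 web1 sshd[811]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Mar  3 02:15:31 web1 su: FAILED su for root by alice
Mar  3 03:00:01 web1 cron[902]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 03:10:12 web1 kernel: eth0: link down
"""

def _entries(text):
    """Split a log into non-empty lines with trailing whitespace removed."""
    return [ln.rstrip() for ln in text.splitlines() if ln.strip()]

def _only_in(first, second):
    """Lines of `first` with no remaining match in `second` (multiset diff).

    Identical lines are counted, so deleting one of two duplicates is caught.
    """
    remaining = Counter(second)
    unmatched = []
    for line in first:
        if remaining[line] > 0:
            remaining[line] -= 1
        else:
            unmatched.append(line)
    return unmatched

def diff_logs(remote_text, local_text):
    """Return (missing_locally, local_only), each in original log order."""
    remote, local = _entries(remote_text), _entries(local_text)
    return _only_in(remote, local), _only_in(local, remote)

if __name__ == "__main__":
    missing, extra = diff_logs(REMOTE_COPY, LOCAL_LOG)
    for line in missing:
        print("REMOVED ON BOX:", line)   # present remotely, gone locally
    for line in extra:
        print("NEVER FORWARDED:", line)  # forwarding gap or inserted entry
```

Entries reported as removed on the box point to local tampering; local-only entries need their own explanation, such as a forwarding outage.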
