Bob,
Thanks for the reply, but that doesn't work. At least in the form:
find /etc/* -amin 8
Try this...
# touch -t 12010001 /zhacked
# find . -newer /zhacked | tee /zfiles
This will create/modify file /zhacked to have a timestamp as
indicated MMDDhhmm and then search for all
On Sat, 02 Dec 2000 05:05:41 Bob Puff@NLE wrote:
Thanks for the reply, but that doesn't work. At least in the form:
find /etc/* -amin 8
Seems to return some files that have been created long ago. The actual files
do
seem to change with time. Example:
[root@main postfix]# date
Hello,
In the close inspection I've been giving my machine since it was hacked,
I see that there was a 100kbit/sec upload averaged over 5 minutes.. that
is a lot of data. I don't see any new files to account for this, and
suspect the hacker might have uploaded something naughty.
Question:
On Sat, 02 Dec 2000 00:34:45 Kelley Terry wrote:
On Friday 01 December 2000 02:15 pm, you wrote:
Question: how do I do a locate (whereis), based on date? What I want to
do is display ALL files that have been created or modified SINCE a
certain date.. like 2 days ago.
man find.
more
rpm -qf `which ps`
rpm -V rpmfromabovecommand
rpm -qf `which ls`
rpm -V rpmfromabovecommand
if these are compromised from a root kit you should install the rpm's
using
rpm -ivh --replacefiles procps-2.0.6-12mdk.i386.rpm
this will clean out the root kit with new files.
if you suspect that rpm
On Friday 01 December 2000 02:15 pm, you wrote:
Question: how do I do a locate (whereis), based on date? What I want to
do is display ALL files that have been created or modified SINCE a
certain date.. like 2 days ago.
Have you tried using kfind? It's a gui frontend for the find command (I
Thanks for the reply, but that doesn't work. At least in the form:
find /etc/* -amin 8
Seems to return some files that have been created long ago. The actual files do
seem to change with time. Example:
[root@main postfix]# date
Fri Dec 1 22:55:43 EST 2000
[root@main postfix]# find /etc/*