Re: Possible hack? Logs clear & syslogd restarted...need help!
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 02/01/04
- Next message: NeoSadist: "Re: Possible hack? Logs clear & syslogd restarted...need help!"
- Previous message: ChronoFish: "Snort on port"
- In reply to: Robert: "Possible hack? Logs clear & syslogd restarted...need help!"
- Next in thread: Robert: "Re: Possible hack? Logs clear & syslogd restarted...need help!"
- Reply: Robert: "Re: Possible hack? Logs clear & syslogd restarted...need help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 01 Feb 2004 17:51:43 GMT
On 1 Feb 2004 09:40:54 -0800, Robert wrote:
>
> Is there a reason why these are clear? I never empty these manually.
> Is there something that does this automatically or am I being
> paranoid?
I'll bet you left your system on overnight and /etc/cron.daily had a
chance to run. In that directory you might find something like
logrotate which said since it is Sunday, I'll rotate the logs.
If not, you might look on http://www.chkrootkit.org/ for code to see if root
kits have been installed.
You also can do a
rpm -Va | grep '..5' > /tmp/verify
to see what has changed on the system.
man rpm
to understand /tmp/verify contents.
- Next message: NeoSadist: "Re: Possible hack? Logs clear & syslogd restarted...need help!"
- Previous message: ChronoFish: "Snort on port"
- In reply to: Robert: "Possible hack? Logs clear & syslogd restarted...need help!"
- Next in thread: Robert: "Re: Possible hack? Logs clear & syslogd restarted...need help!"
- Reply: Robert: "Re: Possible hack? Logs clear & syslogd restarted...need help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
