Brandon Mitchell <[EMAIL PROTECTED]> writes:
> Since these are all from his machine, maybe he's been hacked and doesn't
> know it yet.
Well, it's a Win95 box on the other end of a dialup line. :-)
> sudo and suid programs won't cause this log entry. Another good idea may
> be to move su to another location (su.orig), and place a script that sends
> you an alarm and sleeps for a minute in it's place, e.g.:
I've done this. Let's just wait...
FWIW, here's his .bash_history, in case something jumps out at you.
Nothing seems suspicious to me:
exit
lynx
logout
ls
rm L98767TMP.html
ls
rm L98766TMP.bin
ls
logout
lynx
logout
ps
logout
kill 4690
logout
password
ls
ls p
ls p*
ps
whoami
users
users /?
users --help
lynx
talk [EMAIL PROTECTED]
lynx
linx
lynx
--
Ben Pfaff <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
