After the recent breakins on my box, I've been writing a few watch scripts...
One of the things the intruder did was to link his bash_history to /dev/null. My question is.... Is there an easy way to tee the $HISTFILE to more than one location? Basically, I doubt this %#^$%&^ would be smart enough to have echo'd $HISTFILE, but rather just linked .bash_history as it was pretty commonly the $HISTFILE. What I want is a mirror of .bash_history stored elsewhere in case the original gets fubar'd. Also, if there's a perl/networking guru, I'm looking to re-write the trojan to look like it's working, but instead be logging the intruder's actions, IP, etc. It's a simple backdoor (only about 2.5 pages printed), so I might even be able to figure it out myself... Brian --------------------------------------------------------------- | [EMAIL PROTECTED] Spam me and DIE! | | http://www.datasquire.net | | Co-Founder & Co-Owner of | | Data Squire Internet Services | --------------------------------------------------------------- ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
