On Tue, 5 Dec 2000, Michael Jinks wrote:
> Statux wrote:
> >
> > I've heard stories of crackers not cleaning up logfiles at times. Usually
> > this is because people forget. Logs are good to read even if you don't
> > suspect problems. I read mine frequently just to keep up on things :)
>
>
> Sloppy intruders will also sometimes leave obvious gaps in the log
> files; you may not be able to say what they did exactly, but if you have
> a current log file of size 0, or if you log file has a big chunk of time
> missing, that's a dead giveaway, and time to go hunting for weirdness.
>
One of their first targets when it comes to log files is the
"/var/log/wtmp" file, and you can usually notice because the 'last'
command is broken.
------------------------------------------------------
Nitebirdz
------------------------------------------------------
Thus spake the master programmer:
"You can demonstrate a program for a corporate
executive, but you can't make him computer literate."
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list