On Fri, 2003-06-20 at 12:09, Tom Hosiawa wrote:
> > I know of no way to recover them, but for the future, create an alias
> > rm='cp $1 /tmp'
> >
> > you just have to set up a cron job or manually remove ,using
> > /usr/bin/rm, all the file in tmp every so often. We set this up on
> > students co
a good forensic toolkit at:
> http://www.atstake.com/research/tools/task/ It's free, and it'll check out
> the stuff in "free space", etc.
>
> Good Luck!
>
> Ben
> - Original Message -
> From: "Reuben D. Budiardja" <[EMAIL PROTECTED]>
> I know of no way to recover them, but for the future, create an alias
> rm='cp $1 /tmp'
>
> you just have to set up a cron job or manually remove ,using
> /usr/bin/rm, all the file in tmp every so often. We set this up on
> students computer's. We don't tell them about it so if they do they
>
rom: "Reuben D. Budiardja" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 20, 2003 10:45 AM
Subject: recover deleted log files
> Hello all,
> Is there a way to recover deleted log file (ie. /var/log/secure and
> /var/log/message) that I can try?
>
I know of no way to recover them, but for the future, create an alias
rm='cp $1 /tmp'
you just have to set up a cron job or manually remove ,using
/usr/bin/rm, all the file in tmp every so often. We set this up on
students computer's. We don't tell them about it so if they do they
learn a lesson
Hello all,
Is there a way to recover deleted log file (ie. /var/log/secure and
/var/log/message) that I can try?
Two of our machines have been hacked by (I suspect) the same person in 2
successive day. Right now we're leaning toward recovery and securing systems
rather than trying to track down
