Date: Mon, 18 Dec 2000 16:13:55 -0500 From: "Gerald T. Freymann" <freymann@eagle.ca> To: "Jonathan Fosburgh" <syjef@mail.mdanderson.org> Cc: "Questions" <questions@FreeBSD.ORG> Subject: RE: Hacker history file - OUCH Message-ID: <NEBBIPHLEDGOAFACJGDDIECGDHAA.freymann@eagle.ca> In-Reply-To: <3A3E7AC9.40306@mail.mdanderson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
|O|> Do you know for sure it was an intruder? Had to be. All of this was done under the name of our backup software (amanda) |O|> The results of the su ought to be in /var/log/messages. |O|> Especially the one to toor. You should either see a success or failure message. Duh! Forgot about that. It only logs successful su's and there are none from anybody but staff since Nov 30th. |O|> Of course, he can only su to toor if the user he was in as is in |O|> group wheel. How true. I'm not sure how they got in, but supposedly it may not be to bad? The box is being replaced this week. I have Tripwire running on other boxes as of right now. -Gerry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBIPHLEDGOAFACJGDDIECGDHAA.freymann>