Mailing List Archive



Re: [tlug] Repairing a Possible Attack




Before nuking the entire installation and doing an NSA wipe of the HDD
is there some easier way of identifying the problem and eliminating only
the bad parts and patching?  Like listing all files that have been
written since a certain time / date; listing by size, listing what
system changes have occurred?  etc?

You may want to check out the mtime option of find, but something like this:

find / -type f -mtime -1 -exec ls -al {} \;

will show you all the files that have been modified in the last day.

If you have different partitions you can narrow that search down a bit if only one of them is full.

But if you really suspect that it's "Something Bad", I'd unplug the network cable first thing. I would then really want to see what was on the system as opposed to just formatting it, etc... In my view this is a great learning experience.
 
But unless you have some reason to believe that your system was compromised I'd more likely think you had a rogue process that filled your volume somehow (logs, etc...)

Let us know if you track down the cause.

Good luck,

--
Romeo Theriault
System Administrator
Information Technology Services
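As an added example (not code from Romeo's reply), here is a small shell function that combines the find approach above with the partition hint: it stays on one filesystem with -xdev and lists the recently modified files largest first, which is the quickest way to spot a runaway log. It assumes GNU find (for -printf); the function name and its mount-point, day-count and limit parameters are my own.

```shell
#!/bin/sh
# Added example, not from the original thread.
# List regular files modified within the last N days under one mount
# point, largest first, so a volume that suddenly filled up can be
# triaged without walking every other partition.
# Assumes GNU find/sort/head (Linux).
# Usage: recent_large_files <mount-point> [days] [limit]
recent_large_files() {
    mnt="$1"
    days="${2:-1}"
    limit="${3:-20}"
    # -xdev  : do not cross into other mounted filesystems
    # -mtime -N : modified less than N*24 hours ago (the minus sign
    #             matters; a bare N matches only files modified between
    #             N and N+1 days ago)
    # -printf : size in bytes, mtime, path, tab separated
    find "$mnt" -xdev -type f -mtime "-$days" \
         -printf '%s\t%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null \
        | sort -nr \
        | head -n "$limit"
}
```

Run it against the mount point that is full (for example `recent_large_files /var 1`); the first column is the size, so a multi-gigabyte log file written today lands at the top of the list.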
