Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Repairing a Possible Attack



Le lundi 21 décembre 2009, vous avez écrit :
> You can use "find" to look for recently created/modified files, e.g.:
>
> 	find / -mtime -1
>
> ...will give you a list of all files modified in the last 24 hours. Change
> -1 to -2 for 48 hours, etc.

Hi,

find / -ctime -1

You can't trust mtime on a compromised system.
In this case, the only reliable inode timestamp is ctime.

see: man utime -s 2

Francois


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links