[ale] weird command line history
Mike Harrison
meuon at geeklabs.com
Fri Aug 11 23:21:18 EDT 2006
> including a reference to a music file I have never owned. My first thought
> was that I had somehow stumbled into a session started by an invader. Does
> this seem plausible?
Either that, or the RIAA is planting evidence. (sadly, only half joking)
My paranoid check list:
0. Physical Access
1. Remote Access
3. Exploits
4. "Friends"
5. Me, thinking I was on the wrong system..
It's time to do all the sanity checks you can think of,
and then get a known good: ps, ls, find.. etc.. command
in a sub-dir and run those to see what they show
compared to what the system ones show.
Super-paranoid mode: put a sniffer machine on a HUB (not switch)
between it and the outside world.. I've seen some pretty interesting
things that way..
Super-SUPER-paranoid mode: fdisk and reinstall, batten the hatches.
Good Luck!
More information about the Ale
mailing list