[ale] weird command line history

Mike Harrison meuon at geeklabs.com
Fri Aug 11 23:21:18 EDT 2006


> including a reference to a music file I have never owned.  My first thought 
> was that I had somehow stumbled into a session started by an invader. Does 
> this seem plausible?

Either that, or the RIAA is planting evidence. (sadly, only half joking)

My paranoid check list: 

  0. Physical Access
  1. Remote Access
  3. Exploits
  4. "Friends"
  5. Me, thinking I was on the wrong system..

It's time to do all the sanity checks you can think of, 
and then get a known good: ps, ls, find.. etc.. command
in a sub-dir and run those to see what they show
compared to what the system ones show. 

Super-paranoid mode: put a sniffer machine on a HUB (not switch)
between it and the outside world.. I've seen some pretty interesting 
things that way..

Super-SUPER-paranoid mode: fdisk and reinstall, batten the hatches.

Good Luck!







More information about the Ale mailing list