[ale] Need a better Linux distro
Solomon Peachy
pizza at shaftnet.org
Sun May 31 11:04:20 EDT 2020
On Sun, May 31, 2020 at 10:44:17AM -0400, Solomon Peachy via Ale wrote:
> Assuming the attackers didn't wipe logs, yum maintains a transaction
> history that can be used to determine when those highly suspicious
> packages were installed. Form there you can inspect the other system
> logs around that time.
Whoops, that was a brainfart. rpm itself maintains a record of every
package's installation timstamp, and would be a good starting point to
figure out the compromise vector..
- Solomon
--
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
High Springs, FL speachy (freenode)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://mail.ale.org/pipermail/ale/attachments/20200531/73c5b135/attachment.sig>
More information about the Ale
mailing list