On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας <nikos.gr...@gmail.com> wrote:
> On Wednesday, 5 June 2013 7:33:50 PM UTC+3, user Chris Angelico wrote:
>> In fact, I didn't even bother fiddling with syslog. All I did was
>> .bash_history. Of course, I wasn't worried about you getting my IP
>> addresses (one of them is public anyway, and the other isn't mine any
>> longer than I'm using it), and nothing I did there was sufficiently
>> serious to be worth hiding, but I just did the history so I could
>> point out how easy this is.
>
> So, by executing .bash_history commands issued are cleared. Okay.
> What about 'syslog' that Heiko mentioned? Since you didn't fiddle with syslog,
> can the latter show me what commands have been executed, files opened,
> commands given, services started-stopped etc?

Poke around in /var/log - I didn't tamper with anything there, so you
may well find log entries. But I don't know for sure what I did and
what I didn't do.

>> and nothing I did there was sufficiently serious to be worth hiding.
>
> Actually I believe you, because if you had malice in mind you could 'rm -rf /'
> or deface frontpages, which you didn't do.
>
> But is there a way for me to see what commands have been issued? syslog
> perhaps, as I ask above?
> Since you didn't harm the system, why the need to wipe clean bash's history?

There won't be a full list of all commands, but you may find some
hints. And why wipe it? Just to show how easily it could be done.
Imagine if I'd:

1) Created a new user, with a home directory of /etc
2) Made a setuid root binary that gives me a shell
3) Removed all logfile traces of having done so

I could then *retain full access* even after you change the root
password. And you would not know what I'd done, if I do the logfile
wipes correctly. You might see some hint (eg that logs were rotated
prematurely), but it'd be extremely hard to figure out what I did.

ChrisA
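
An added example, not part of the original message: a defender-side audit for the first two items in the list above (an account whose home is a system directory, and an unexpected setuid root binary), written as Python functions. The directory and shell lists, the function names and the sample passwd text are assumptions constructed for illustration.

```python
import os
import stat

# Assumptions (not from the thread): which homes and shells count as suspicious.
SYSTEM_DIRS = {"/", "/etc", "/bin", "/sbin", "/usr", "/lib", "/boot", "/dev"}
INTERACTIVE = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "fish"}

# Constructed sample input, not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
support:x:1001:1001::/etc:/bin/bash
toor:x:0:0::/root:/bin/sh
"""

def audit_passwd(text):
    """Return (name, reason) pairs for suspicious passwd(5) entries."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # blank, comment or malformed line
        user, _pw, uid, _gid, _gecos, home, shell = fields
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 but not named root"))
        # An empty shell field means /bin/sh, so treat it as interactive.
        interactive = not shell or os.path.basename(shell) in INTERACTIVE
        if interactive and os.path.normpath(home) in SYSTEM_DIRS:
            findings.append((user, "interactive shell with home " + home))
    return findings

def setuid_files(top, owner_uid=0):
    """Return sorted paths under top that are setuid regular files owned by owner_uid."""
    hits = []
    for dirpath, _dirs, names in os.walk(top):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or unreadable
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(path)
    return sorted(hits)

def new_setuid(top, baseline, owner_uid=0):
    """Setuid files present now that are absent from a trusted baseline set."""
    return [p for p in setuid_files(top, owner_uid) if p not in baseline]
```

The baseline set is only useful if it was recorded before the incident and is stored off the host, since whoever can wipe the logs can edit a local baseline too.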