Re: `su to root' entry in syslog
Brandon Mitchell <bhmit1@mail.wm.edu> writes:
> Since these are all from his machine, maybe he's been hacked and doesn't
> know it yet.
Well, it's a Win95 box on the other end of a dialup line. :-)
> sudo and suid programs won't cause this log entry. Another good idea may
> be to move su to another location (su.orig), and place a script that sends
> you an alarm and sleeps for a minute in its place, e.g.:
I've done this. Let's just wait...
FWIW, here's his .bash_history, in case something jumps out at you.
Nothing seems suspicious to me:
exit
lynx
logout
ls
rm L98767TMP.html
ls
rm L98766TMP.bin
ls
logout
lynx
logout
ps
logout
kill 4690
logout
password
ls
ls p
ls p*
ps
whoami
users
users /?
users --help
lynx
talk blp@pfaffben.user.msu.edu
lynx
linx
lynx
--
Ben Pfaff <pfaffben@pilot.msu.edu> <blp@gnu.org> <pfaffben@debian.org>