files in /var/tmp
Hi all
Can someone throw some light on what /var/tmp/fast-mech.tgz and the /var/tmp/raw directory do?
My system (Debian Etch) was recently compromised and I deleted most of the suspicious files. However, I am not sure about these. Is it safe to delete them, or do you think some process expects them to be there?
According to FHS 2.3, files in /var/tmp are preserved across reboots and applications might expect some temp files there. Other than that, I could not find any other info on the fast-mech.tgz file or on the /var/tmp/raw directory...
$ls -al fast-mech.tgz raw
-rw-r--r-- 1 rajulocal rajulocal 165248 2007-02-04 20:51 fast-mech.tgz
raw:
total 1348
drwxr-xr-x 2 rajulocal rajulocal 4096 2007-01-24 02:34 ./
drwxrwxrwt 6 root root 4096 2007-04-08 18:26 ../
-rw-r--r-- 1 rajulocal rajulocal 273 2007-01-24 02:30 1
-rw-r--r-- 1 rajulocal rajulocal 316 2007-01-24 02:30 2
-rw-r--r-- 1 rajulocal rajulocal 316 2007-01-24 02:31 3
-rw-r--r-- 1 rajulocal rajulocal 39415 2007-02-28 19:03 Chio.seen
-rwxr-xr-x 1 rajulocal rajulocal 608374 2005-05-27 15:40 httpd
-rw-r--r-- 1 rajulocal rajulocal 35268 2007-02-28 19:03 New.seen
-rw-r--r-- 1 rajulocal rajulocal 1043 2007-02-28 19:03 raw.levels
-rw------- 1 rajulocal rajulocal 6 2006-12-29 04:44 raw.pid
-rw-r--r-- 1 rajulocal rajulocal 1043 2007-02-28 19:03 raw.session
-rw-r--r-- 1 rajulocal rajulocal 1091 2007-01-24 02:34 raw.set
-rwxr-xr-x 1 rajulocal rajulocal 608374 2005-05-27 15:40 sshd
-rw-r--r-- 1 rajulocal rajulocal 35861 2007-02-28 19:03 VaLy.seen
$tar tzvf fast-mech.tgz
drwxr-xr-x piotr/piotr 0 2007-01-24 02:34 raw/
-rw-r--r-- piotr/piotr 273 2007-01-24 02:30 raw/1
-rw-r--r-- piotr/piotr 316 2007-01-24 02:30 raw/2
-rw-r--r-- piotr/piotr 316 2007-01-24 02:31 raw/3
-rw------- piotr/piotr 6 2006-12-29 04:44 raw/raw.pid
-rw-r--r-- piotr/piotr 1091 2007-01-24 02:34 raw/raw.set
-rwxr-xr-x piotr/piotr 608374 2005-05-27 15:40 raw/httpd
Any help is greatly appreciated.
raju