Re: files in /var/tmp

To: debian-user@lists.debian.org
Subject: Re: files in /var/tmp
From: Douglas Allan Tutty <dtutty@porchlight.ca>
Date: Sun, 8 Apr 2007 19:13:02 -0400
Message-id: <[🔎] 20070408231302.GA18871@titan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 1176072273.461970510df3d@mail.bluebottle.com>
References: <[🔎] 1176072273.461970510df3d@mail.bluebottle.com>

On Sun, Apr 08, 2007 at 03:44:33PM -0700, Kamaraju Kusumanchi wrote:
> Hi all
> 
> Can someone throw some light on as to what does /var/tmp/fast-mech.tgz
> and /var/tmp/raw directories do?
> 
> My system (Debian Etch) has been recently compromised and I deleted
> most of the suspicious files. However I am not sure about these. Is it
> safe to delete them or do you think some process expects them to be
> there?
> 
> According to FHS 2.3, files in /var/tmp are preserved across reboots
> and applications might expect some temp files there. Other than that,
> I could not find any other info on fast-mech.tgz file and on
> /var/tmp/raw directory...
> 

According to google, fast-mech is a game.  If you don't have that game
installed...

If you do....

Yes, some apps may look for something in /var/tmp, but it is usually
cleaned out periodically based on age.  If one considers a box turned
off for a week, on boot the cron script that cleans out /var/tmp will
probably clean anything out.

Personly, I'd copy /var/tmp to a USB stick or other removeable media.

If your box really has been compromized, pull the plug and read
harden-doc on a safe computer.

Doug.

Reply to:

Follow-Ups:
- Re: files in /var/tmp
  - From: John Hasler <jhasler@debian.org>

References:
- files in /var/tmp
  - From: Kamaraju Kusumanchi <kamaraju@bluebottle.com>

Prev by Date: Re: files in /var/tmp
Next by Date: Re: Wireless G WPA2 PCI Card Suggestion Please
Previous by thread: Re: files in /var/tmp
Next by thread: Re: files in /var/tmp
Index(es):
- Date
- Thread