Re: Monitoring tools to use on an account

[Mike Bird <mgb-debian@yosemite.net>]

On Fri July 30 2010 09:47:15 hugo vanwoerkom wrote:
> Mike Bird wrote:
> > On Fri July 30 2010 09:13:08 hugo vanwoerkom wrote:
> >> This person knows nothing of commands or VT's so it was just internet
> >> browsing activity. I would sure like to know what happened.
> >
> > How do you know that this person hasn't captured your
> > passwords and/or keys, possibly by temporarily rebooting
> > on a CD to gain root privileges?
>
> We're sidetracking again. I guarantee you that this person knows nothing
> about keys or capturing passwords or gaining root privileges.

It doesn't take a lot of technical knowledge to download
and burn an attack CD.  Remember this person has already
surprised you with IIRC two reboots.

It's unlikely you will be able to find out what happened
after the event.

Given physical access to the device, there's no way of
guarantying that even a previous installed logger would
report accurately - as for example if the system were
temporarily rebooted on an attack CD.

Perhaps by your friend.  Perhaps when your friend left
the system unattended.

--Mike Bird