sean finney on 19 Aug 2004 02:46:02 -0000
On Wed, Aug 18, 2004 at 04:43:28PM -0400, eric@lucii.org wrote:
> On the p6 partition, there is only: /bin, /boot, /home, /proc,
> /usr and /var. Since boot, home, usr, and var are mount points, they
> are empty. There are a number of files in the bin directory
> including one called "all.tar" which is 122 MB and is truncated.
> The tar file was created about the last time that the machine was
> known to be working.

can anyone attest to the origin of the all.tar? how about anything
interesting in the logs, or perhaps truncated logs in /var? is there
a loghost? can you get a table of contents from the tar file? process
accounting? if there's anything that will help you, it'll probably be
in that /var partition.

perhaps i'm a bit too paranoid, but my first assumption in a case like
this is usually that the machine is hacked. it doesn't help much that
it was running redhat 8...

sean
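One way to get a table of contents out of a truncated tar such as the all.tar mentioned above, as an added example that is not part of the original message. It assumes a plain uncompressed tar; `tar_toc` and `build_sample` are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import tarfile

BLOCK = 512  # tar headers and data are laid out in 512-byte blocks


def tar_toc(fileobj):
    """List members of a possibly truncated, uncompressed tar.

    Returns (entries, clean_end): entries are (name, size, mtime, complete)
    tuples; clean_end is True only if the end-of-archive marker is present.
    """
    total = fileobj.seek(0, io.SEEK_END)
    fileobj.seek(0)
    entries, next_hdr = [], 0
    try:
        with tarfile.open(fileobj=fileobj, mode="r:") as tf:
            for m in tf:
                # A header can survive even when its data was cut off.
                complete = m.offset_data + m.size <= total
                entries.append((m.name, m.size, m.mtime, complete))
                next_hdr = m.offset_data + -(-m.size // BLOCK) * BLOCK
    except tarfile.ReadError:
        pass  # raised when the next header lies beyond the end of the file
    # A well-formed archive ends with two all-zero blocks.
    fileobj.seek(next_hdr)
    clean_end = fileobj.read(2 * BLOCK) == bytes(2 * BLOCK)
    return entries, clean_end


def build_sample():
    """Constructed sample archive (names, sizes and mtime are made up)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, size in (("etc/passwd", 700), ("bin/ls", 1500),
                           ("var/log/messages", 3000)):
            info = tarfile.TarInfo(name)
            info.size, info.mtime = size, 1092861808
            tf.addfile(info, io.BytesIO(b"A" * size))
    return buf.getvalue()


if __name__ == "__main__":
    cut = io.BytesIO(build_sample()[:3000])  # simulate the truncation
    entries, clean_end = tar_toc(cut)
    for name, size, mtime, complete in entries:
        print(f"{mtime} {size:>8} {'ok' if complete else 'TRUNCATED'} {name}")
    print("end-of-archive marker present:", clean_end)
```

For a file on disk, pass `open(path, "rb")` from a read-only mount or an image copy; the member mtimes give a timeline to compare against the last time the machine was known to be working.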