eric@lucii.org on 19 Aug 2004 03:08:03 -0000



Re: [PLUG] Booting/disk "problem"?


On Wed, Aug 18, 2004 at 10:45:10PM -0400, sean finney wrote:
> On Wed, Aug 18, 2004 at 04:43:28PM -0400, eric@lucii.org wrote:
> >      On the p6 partition, there is only: /bin, /boot, /home, /proc,
> >      /usr and /var.  Since boot, home, usr, and var are mount points, they
> >      are empty.  There are a number of files in the bin directory
> >      including one called "all.tar" which is 122 MB and is truncated.
> >      The tar file was created about the last time that the machine was
> >      known to be working.  
> 
> can anyone attest to the origin of the all.tar?  how about anything
> interesting in the logs, or perhaps truncated logs in /var?  is there
> a loghost? can you get a table of contents from the tar file?  
> process accounting?  if there's anything that will help you, it'll
> probably be in that /var partition.
> 
> perhaps i'm a bit too paranoid, but my first assumption in a case like
> this is usually that the machine is hacked.  it doesn't help much
> that it was running redhat 8...
> 
> 
> 	sean

Well, there were two people from two different companies ssh'ed into the
box working on the same application... that's what the all.tar contains.
I have run "tar -tvf all.tar" which is why I know it's truncated.

/var/log/messages is sparse and of no use.  What is a "loghost"?  I will
have to dig into /var more carefully.  I'm disappointed that the /root
partition is gone... would like to see the .bash_history :-)

Hacked is very unlikely... but not impossible, of course.  It's inside a
company network and has limited outside access (none, AFAIK, from
connections initiated from the outside.)



-- 
#  Eric Lucas
#     "Oh, I have slipped the surly bond of earth
#      And danced the skies on laughter-silvered wings...
#                             -- John Gillespie Magee Jr.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug