Subject: Re: PROPOSAL: File flags (LONG)
To: Dr. Lex Wennmacher <wennmach@geo.uni-koeln.de>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 04/04/1999 21:19:40
>>>>> "Lex" == Lex Wennmacher <wennmach@geo.Uni-Koeln.DE> writes:
Lex> A hacker managed to break into your system and even
Lex> managed to become root. As a first step, he tries to cover
Lex> up his traces by changing the system log files
Lex> /var/log/authlog, /var/log/lastlog, and /var/log/wtmp. No
Lex> chance, they are sappnd.
Understood, but how does newsyslog work in this case?
] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [