How to know if there was any change in my system yesterday?
Brian McKee
brian.mckee at gmail.com
Sat Aug 23 16:51:48 UTC 2008
On Fri, Aug 22, 2008 at 12:09 PM, Ashley Benton <chuaukantli at gmail.com> wrote:
> Hi,
> Yesterday I used chm2pdf to be able to read a document. I had this strange
> message rm: permission to /root and every other system folders. I answered
> no
Were you running the program as root or via sudo?
Did you start it from the command line? It might be enlightening to
review your .bash_history file.
A find command would show new files since yesterday, but wouldn't show
deletions etc....
rootkithu hunter and others would spot changes if you'd been running
those programs *before* you had a problem. Checking after the fact is
a chicken-and-egg problem, since you can't trust the system to verify
itself if the system is untrustworthy.
Brian
More information about the ubuntu-users
mailing list