How to know if there was any change in my system yesterday?

Verde Denim tdldev at gmail.com
Sat Aug 23 18:38:01 UTC 2008


On Sat, Aug 23, 2008 at 12:51 PM, Brian McKee <brian.mckee at gmail.com> wrote:

> On Fri, Aug 22, 2008 at 12:09 PM, Ashley Benton <chuaukantli at gmail.com> wrote:
> > Hi,
> > Yesterday I used chm2pdf to be able to read a document. I had this strange
> > message rm: permission to /root and every other system folders. I answered
> > no
>
> Were you running the program as root or via sudo?
>
> Did you start it from the command line?   It might be enlightening to
> review your .bash_history file.
>
> A find command would show new files since yesterday, but wouldn't show
> deletions etc....
>
> rootkit hunter and others would spot changes if you'd been running
> those programs *before* you had a problem.  Checking after the fact is
> a chicken-and-egg problem, since you can't trust the system to verify
> itself if the system is untrustworthy.
>
> Brian


Even though it's after the fact, if you installed samhain, it would at least
alert you whenever a system file changed. I'm not sure if it can be
configured to alert whenever *any* file changed, though. But it would be a
good app to have running if you've ever wondered which files are changing in
the system.

Jack
