[816] in linux-security and linux-alert archive
Re: [linux-security] suspicious users
daemon@ATHENA.MIT.EDU (Benedikt Stockebrand)
Mon Jun 17 10:04:07 1996
Date: Fri, 14 Jun 1996 13:34:36 +0200
From: Benedikt Stockebrand <benedikt@devnull.ruhr.de>
To: delznic@axess.net, linux-security@tarsier.cv.nrao.edu
In-reply-to: <2.2.32.19960608172137.00684290@ian.axess.net>
(delznic@axess.net)
Aside from Als suggestions I recommend to take a look at their files,
especially executables, and their command history.
I hope you're realizing about your users privacy, so you better don't
do this ``just in case''. Otherwise it might well backfire.
Ben
--
Benedikt (Ben) Stockebrand Runaway ping.de sysadmin
Dortmund, Germany --- Never ever trust old friends ---
My name and email address are not to be added to any list used for the
purpose of advertising. By sending unsolicited advertisement e-mail
to this address, the sender implicitly agrees to pay a DM 500 fee to
the recipient for proofreading services.
[Mod: There have been several more posts recommending things like
ttysnoop, telnetsnoop, etc. I only approved the first few. --Jeff.]