[816] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] suspicious users

daemon@ATHENA.MIT.EDU (Benedikt Stockebrand)
Mon Jun 17 10:04:07 1996

Date: Fri, 14 Jun 1996 13:34:36 +0200
From: Benedikt Stockebrand <benedikt@devnull.ruhr.de>
To: delznic@axess.net, linux-security@tarsier.cv.nrao.edu
In-reply-to: <2.2.32.19960608172137.00684290@ian.axess.net>
	(delznic@axess.net)


Aside from Als suggestions I recommend to take a look at their files,
especially executables, and their command history.

I hope you're realizing about your users privacy, so you better don't
do this ``just in case''.  Otherwise it might well backfire.


    Ben

-- 
Benedikt (Ben) Stockebrand                 Runaway ping.de sysadmin  
Dortmund, Germany                    --- Never ever trust old friends ---
My name and email address are not to be added to any list used for the
purpose of advertising.  By sending unsolicited advertisement e-mail
to this address, the sender implicitly agrees to pay a DM 500 fee to
the recipient for proofreading services.

[Mod: There have been several more posts recommending things like
ttysnoop, telnetsnoop, etc.  I only approved the first few.  --Jeff.]

home help back first fref pref prev next nref lref last post