On Sun, Apr 08, 2007 at 03:44:33PM -0700, Kamaraju Kusumanchi wrote: > Hi all > > Can someone throw some light on as to what does /var/tmp/fast-mech.tgz > and /var/tmp/raw directories do? > > My system (Debian Etch) has been recently compromised and I deleted > most of the suspicious files. However I am not sure about these. Is it > safe to delete them or do you think some process expects them to be > there? > > According to FHS 2.3, files in /var/tmp are preserved across reboots > and applications might expect some temp files there. Other than that, > I could not find any other info on fast-mech.tgz file and on > /var/tmp/raw directory... >
According to google, fast-mech is a game. If you don't have that game installed... If you do.... Yes, some apps may look for something in /var/tmp, but it is usually cleaned out periodically based on age. If one considers a box turned off for a week, on boot the cron script that cleans out /var/tmp will probably clean anything out. Personly, I'd copy /var/tmp to a USB stick or other removeable media. If your box really has been compromized, pull the plug and read harden-doc on a safe computer. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
