I know of no way to recover them, but for the future, create an alias rm='cp $1 /tmp'
you just have to set up a cron job or manually remove ,using /usr/bin/rm, all the file in tmp every so often. We set this up on students computer's. We don't tell them about it so if they do they learn a lesson, but can recover it if it's truly important. You could also log to a syslog server so they can't delete them. Well it would just make it more difficult, they'd have to break into both machines. -Mike On Fri, 2003-06-20 at 11:45, Reuben D. Budiardja wrote: > Hello all, > Is there a way to recover deleted log file (ie. /var/log/secure and > /var/log/message) that I can try? > > Two of our machines have been hacked by (I suspect) the same person in 2 > successive day. Right now we're leaning toward recovery and securing systems > rather than trying to track down who did this. But seems to me that the > hacker is rather ham-handed, so I am wondering if there's anything we can > learn from the logs at all. > > Thanks for any help in advance. > > RDB > > -- > Reuben D. Budiardja -- Michael Gargiullo <[EMAIL PROTECTED]> Warp Drive Networks -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list