I know of no way to recover them, but for the future, create an alias
rm='cp $1 /tmp'

you just have to set up a cron job or manually remove ,using
/usr/bin/rm, all the file in tmp every so often.  We set this up on
students computer's.  We don't tell them about it so if they do they
learn a lesson, but can recover it if it's truly important.

You could also log to a syslog server so they can't delete them. Well it
would just make it more difficult, they'd have to break into both
machines.

-Mike

On Fri, 2003-06-20 at 11:45, Reuben D. Budiardja wrote:
> Hello all,
> Is there a way to recover deleted log file (ie. /var/log/secure and 
> /var/log/message) that I can try?
> 
> Two of our machines have been hacked by (I suspect) the same person in 2 
> successive day. Right now we're leaning toward recovery and securing systems 
> rather than trying to track down who did this. But seems to me that the 
> hacker is rather ham-handed, so I am wondering if there's anything we can 
> learn from the logs at all.
> 
> Thanks for any help in advance.
> 
> RDB
> 
> -- 
> Reuben D. Budiardja
-- 
Michael Gargiullo <[EMAIL PROTECTED]>
Warp Drive Networks


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Reply via email to