Well, you could look in their homedir, and see if there's any sort of
history file...if they really were as inept as we're hoping, they might
have bash as a shell, with a .bashhistory file left in the homedir.
On Thu, 9 Nov 2000, Wahid Belhaouane wrote:
> you can type the command :
> last | grep shlomi to know how long this user logged on your system.
> about what he did , i also waiting for others to answer.
> Wahid
>
> Fred Edmister wrote:
>
> > This morning I awoke to my Linux server not responding, and when I went to
> > the system itself, there were a bunch of PAM *** info lines on the screen
> > for a username I had never seen... I couldn't log in, and had to just power
> > down and do a manual fsck when it came back up... (bear with me, there is a
> > question here) Once the system came back up (after changing all the
> > passwords of course... ) there was a new user "shlomi" added to the
> > system, and in the home directory was a program directory, and the tar
> > file... (bnc2.6.2 bnc2.6.2.tar.gz) My questions are 1). What is
> > this BNC, and should I worry about what this guy may have done to my system
> > (everything seems to work fine, but I don't know if he did something
> > "behind the scenes") 2). How did this guy get in, and what can I do to
> > avoid these things from happening in the future (I noticed on the screen
> > when I got to the system one of the PAM's was him being su'd.. NOT
> > good) And Lastly, where is the log that holds the telnet info so I can
> > check and see EXACTLY what this guy did... Thank you all in advance for
> > you help! It is greatly appreciated!
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
