Didn't see your reply before. Thanks for the help!
/Martin
Suspicious activities??
Does anyone know what this is in my auth.log?
Christian
I have the usual CRON every 5-10 minutes all day. But what is that "successful su for nobody by root"?
Feb 16 06:25:41 bubba su[11098]: Successful su for nobody by root
Feb 16 06:25:41 bubba su[11098]: + ??? root:nobody
Feb 16 06:25:41 bubba su[11098]: (pam_unix) session opened for user nobody by (uid=0)
Feb 16 06:25:41 bubba su[11098]: (pam_unix) session closed for user nobody
Feb 16 06:25:41 bubba su[11100]: Successful su for nobody by root
Feb 16 06:25:41 bubba su[11100]: + ??? root:nobody
Feb 16 06:25:41 bubba su[11100]: (pam_unix) session opened for user nobody by (uid=0)
Feb 16 06:25:41 bubba su[11100]: (pam_unix) session closed for user nobody
Feb 16 06:25:42 bubba su[11102]: Successful su for nobody by root
Feb 16 06:25:42 bubba su[11102]: + ??? root:nobody
Feb 16 06:25:42 bubba su[11102]: (pam_unix) session opened for user nobody by (uid=0)
Feb 16 06:25:46 bubba CRON[11068]: (pam_unix) session closed for user root
Feb 16 06:26:12 bubba su[11102]: (pam_unix) session closed for user nobody
Feb 16 06:26:23 bubba CRON[11064]: (pam_unix) session closed for user root
Feb 16 06:30:38 bubba CRON[11234]: (pam_unix) session opened for user root by (uid=0)
Christian
the coroner's toolkit (tct)
hi,
does anyone here use tct (the coroner's toolkit)? i have read that it is 'the' item for linux cyber forensics but it must be installed prior to the intrusion.
does anyone have any experience with it?
should i install it?
zander