From owner-freebsd-security Mon Nov 2 21:33:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA14944 for freebsd-security-outgoing; Mon, 2 Nov 1998 21:33:23 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA14936 for ; Mon, 2 Nov 1998 21:33:20 -0800 (PST) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id WAA02966; Mon, 2 Nov 1998 22:33:11 -0700 (MST) Message-Id: <4.1.19981102223232.0470a100@127.0.0.1> X-Sender: brett@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Mon, 02 Nov 1998 22:33:07 -0700 To: Jay Nelson , security@FreeBSD.ORG From: Brett Glass Subject: Re: hidden files question In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Look in logs that have turned over. You may see lots of messages related to intrusion attempts. We did. --Brett At 10:56 PM 11/2/98 -0600, Jay Nelson wrote: >We have an office server running 2.2.7-RELEASE doing DNS, Samba and >mail. We have had several intrusion atempts over the past few weeks >that have failed. Today, /var was showing 50 MB and I could only >account for about 5MB. I could find no hidden files. > >Any combination I've used with find hasn't shown anything. Any ideas >on how I can find the missing 45MB? > >Is there a known benign condition that could account for this? > >Thanks > >-- Jay > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message