From owner-freebsd-security Mon Nov 2 22:40:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA24824 for freebsd-security-outgoing; Mon, 2 Nov 1998 22:40:49 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from tok.qiv.com (tok.qiv.com [205.238.142.68]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA24810 for ; Mon, 2 Nov 1998 22:40:46 -0800 (PST) (envelope-from jdn@acp.qiv.com) Received: (from uucp@localhost) by tok.qiv.com (8.8.8/8.8.5) with UUCP id AAA08208; Tue, 3 Nov 1998 00:40:28 -0600 (CST) Received: from localhost (jdn@localhost) by acp.qiv.com (8.8.8/8.8.8) with SMTP id AAA02470; Tue, 3 Nov 1998 00:37:49 -0600 (CST) (envelope-from jdn@acp.qiv.com) Date: Tue, 3 Nov 1998 00:37:49 -0600 (CST) From: Jay Nelson To: Brett Glass cc: security@FreeBSD.ORG Subject: Re: hidden files question In-Reply-To: <4.1.19981102223232.0470a100@127.0.0.1> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 2 Nov 1998, Brett Glass wrote: >Look in logs that have turned over. You may see lots of messages >related to intrusion attempts. We did. I couldn't find any unexplainable successful connections unless they got a password and hacked something I'm not logging. Saw lots of attempts, though. Still, the unaccounted file usage makes me suspicious. What is the whiteout file attribute and how can I find it. The -W flag to ls doesn't seem to work. -- Jay To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message