From owner-freebsd-questions Tue Aug 12 09:45:22 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id JAA03381 for questions-outgoing; Tue, 12 Aug 1997 09:45:22 -0700 (PDT) Received: from mail.commlitho.com (zeus.commlitho.com [207.254.73.4]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id JAA03371 for ; Tue, 12 Aug 1997 09:45:16 -0700 (PDT) Message-Id: <199708121645.JAA03371@hub.freebsd.org> Received: from [207.254.73.18] by mail.commlitho.com (SMTPD32-3.02) id A37015500FA; Tue, 12 Aug 1997 09:46:40 -0700 From: "Patrick Burm" To: Subject: history files - where stored? Date: Tue, 12 Aug 1997 09:45:22 -0700 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1160 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk If you could reply to my personal address I would appreciate it... This list is way to active for me to continue subscribing :-) Anyway, this may be just a newbie lamo question, but I can't figure it out. I am investigating security issues on my system, and I'm trying to figure out the best way to find the perp who hacked my system...and in the process i was trying to figure out how he/she might haved covered his/her tracks. So I deleted my bash history file and logged off. When I logged back on the history 'reappears' in all its glory. So what I'm wondering...is where else is it "stored" so I can look there for command like rsh and such that a "hacker" might try to use. I need to have a better understanding of all this stuff so when I call the isp of the guy that was banging on every door i have trying to see if any of the locks where non-functional, I can ask them the right things. I need them to find out who it was on their system, and I would like to know where to have them look. They use BSDI 2.1 Thanks ---------- Patrick Burm Commercial Lithographers Mesa, AZ 602.844.2294 patb@commlitho.com