From owner-freebsd-security  Thu Aug 23  7:31:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from euphoria.confusion.net (208-219-21-30.dsl.aros.net [208.219.21.30])
	by hub.freebsd.org (Postfix) with ESMTP id AC81037B407
	for <freebsd-security@FreeBSD.ORG>; Thu, 23 Aug 2001 07:31:46 -0700 (PDT)
	(envelope-from stuyman@euphoria.confusion.net)
Received: from localhost (localhost [127.0.0.1])
	by euphoria.confusion.net (8.11.2/8.11.2) with SMTP id f7NEUwc09074;
	Thu, 23 Aug 2001 07:30:58 -0700 (PDT)
Date: Thu, 23 Aug 2001 07:30:57 -0700 (PDT)
From: Laurence Berland <stuyman@confusion.net>
To: Bob Lefevere <b.lefevere@copernicus-it.nl>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Compromised system.
In-Reply-To: <Pine.NEB.3.96.1010823072440.8958A-100000@euphoria.confusion.net>
Message-ID: <Pine.NEB.3.96.1010823072912.8958B-100000@euphoria.confusion.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Sorry, that should be

ls -la .??*

the a because I figure there might be hidden files in there somewhere, the
second ? mark because I'm hoping it's got at least two characters after
the ., otherwise, use one ? (but then you also get .., which may or may
not bother you a lot.

On Thu, 23 Aug 2001, Laurence Berland wrote:

> umm... ls -l .?* perhaps?
> 
> On Thu, 23 Aug 2001, Bob Lefevere wrote:
> 
> > > An easy way to find out what exactly is in the directory one could use the
> > > below perl one-liner:
> > >
> > > % cd /suspiscious/directory
> > > % perl -we '$d=".";opendir(D,$d);while($_=readdir(D)){print"($_)
> > "}closedir(D);print"\n"'
> > 
> > Er.. Shouldn't ls -la suffice ?
> > 
> > Bob Lefevere
> > Copernicus Interchange Technology
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> > 
> 
> Laurence Berland
> http://www.isp.northwestern.edu
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

Laurence Berland
http://www.isp.northwestern.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message