[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Need a better Linux distro
On Sun, May 31, 2020 at 10:44:17AM -0400, Solomon Peachy via Ale wrote:
> Assuming the attackers didn't wipe logs, yum maintains a transaction
> history that can be used to determine when those highly suspicious
> packages were installed. Form there you can inspect the other system
> logs around that time.
Whoops, that was a brainfart. rpm itself maintains a record of every
package's installation timstamp, and would be a good starting point to
figure out the compromise vector..
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
High Springs, FL speachy (freenode)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available