
[ale] Need a better Linux distro

On Sun, May 31, 2020 at 10:44:17AM -0400, Solomon Peachy via Ale wrote:
> Assuming the attackers didn't wipe logs, yum maintains a transaction 
> history that can be used to determine when those highly suspicious 
> packages were installed.  From there you can inspect the other system 
> logs around that time.

Whoops, that was a brainfart.  rpm itself maintains a record of every 
package's installation timestamp, and would be a good starting point to 
figure out the compromise vector.

 - Solomon
Solomon Peachy			      pizza at shaftnet dot org (email&xmpp)
                                      @pizza:shaftnet dot org   (matrix)
High Springs, FL                      speachy (freenode)
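
One way to act on the suggestion above, as an added example that is not part of the original post: list every package whose rpm install time falls within a window around a suspicious package, to get a time range for reviewing the other system logs. The helper names `installs_near` and `sample_rpm_db` are hypothetical, and the package names and timestamps in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# On a live host, feed the function from rpm's own install-time records:
#   rpm -qa --queryformat '%{INSTALLTIME} %{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' \
#     | installs_near <package-name> 900

# installs_near PIVOT [WINDOW_SECONDS]
# stdin:  "<install epoch> <name> <version-release.arch>" per line
# stdout: "<install epoch> <offset from pivot in seconds> <name-version-release.arch>",
#         oldest first, for packages installed within WINDOW_SECONDS of PIVOT.
# Returns 3 if PIVOT is not in the input.
installs_near() {
    pivot=$1
    window=${2:-3600}
    out=$(awk -v pivot="$pivot" -v win="$window" '
        NF >= 3 && $1 ~ /^[0-9]+$/ {
            t[NR] = $1; n[NR] = $2; v[NR] = $3
            # A package can be installed more than once (e.g. kernels):
            # use the earliest install of the pivot as the reference time.
            if ($2 == pivot && (!pt || $1 < pt)) pt = $1
        }
        END {
            if (!pt) exit 3
            for (i in t) {
                d = t[i] - pt
                if (d >= -win && d <= win)
                    printf "%s %+d %s-%s\n", t[i], d, n[i], v[i]
            }
        }') || return 3
    printf '%s\n' "$out" | sort -n
}

# Constructed sample standing in for the rpm query output above.
sample_rpm_db() {
    cat <<'EOF'
1577880000 bash 5.0.7-1.el8.x86_64
1590849000 openssh-server 8.0p1-4.el8.x86_64
1590850120 nmap-ncat 7.70-5.el8.x86_64
1590849700 wget 1.19.5-8.el8.x86_64
1590850000 suspicious-pkg 1.0-1.x86_64
1590860000 tzdata 2020a-1.el8.noarch
EOF
}

# Demo on the constructed data: everything installed within 15 minutes of the pivot.
sample_rpm_db | installs_near suspicious-pkg 900
```

The rpm database lives on the host under investigation, so treat its timestamps as a lead to corroborate against other logs rather than as proof.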