LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 10-16-2006, 12:07 PM   #1
bytez
LQ Newbie
 
Registered: Sep 2006
Location: USA
Distribution: CentOS 4.5
Posts: 27

Rep: Reputation: 15
Thumbs down need someone to look into this bash history


I submitted a ticket to support in regards to an iptables problem. After he had closed the ticket, I checked the .bash_history file and I was shocked. It seems like the tech don't know basic linux commands, why in the world is he using backslashes? And he did rm -rf \\/ rm -rf \\ for what reason? I don't know what he is trying to do!

What could you guys make out of this?

Code:
vi /etc/sysconfig/iptables
ls
mkdir \
mkdir \\
ls
cd \\/
cd ..
cd \/
cd \\
chmod 777 \\/
cd
 chmod 777 \\/
ls
ls -l
rm -rf \\/
touch \\
chmod 777 \\
ls
cd /
cd
cd \\
cd \\\
rm -rf \\
lsd
ls
vi /etc/sysconfig/iptables
ifconfig|grep 63.246.x.x
vi /etc/apf/conf.apf
iptables -F
iptables -F
/etc/init.d/iptables save
iptables -L
apf -r
iptables -L
vi /etc/sysconfig/iptables

Last edited by bytez; 10-16-2006 at 12:10 PM.
 
Old 10-16-2006, 12:45 PM   #2
usaf_sp
Member
 
Registered: Jul 2005
Location: Tennessee
Distribution: openSUSE
Posts: 419

Rep: Reputation: 30
vi is a text editor. It looks like he edited the iptables file manually.

It is possible that he saved a backup of the iptables while using the text editor and tried to remove it or something like it.

He probably had problems with permissions and tried to force the removal, but I am unsure why he used the -r switch (-r means recursive)

using \\ does not make sense.

touch' changes the access and/or modification times of the specified
files.

The iptables -F command flushes or deletes all rules in a chain.

You are probably right about not knowing basic linux syntax.

You should check to make sure that your firewall is not allowing unauthorized access.

If you are unsure what a command does, you can simply use the info and man commands to get an explanation. Example:

info iptables
man iptables
 
Old 10-16-2006, 06:57 PM   #3
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,544
Blog Entries: 4

Rep: Reputation: 56
Depending on your setup with support, the tech may have been using a web based system to access your machine in which case the extra backslashes may be the by-product of overly escape-happy web app.
 
Old 10-16-2006, 07:37 PM   #4
bytez
LQ Newbie
 
Registered: Sep 2006
Location: USA
Distribution: CentOS 4.5
Posts: 27

Original Poster
Rep: Reputation: 15
will rm -rf / remove all files on the server? this tech could've done a lot of damage.
 
Old 10-16-2006, 08:17 PM   #5
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,544
Blog Entries: 4

Rep: Reputation: 56
Yes but were all the files on the server removed? I'd be betting that chances are he didn't access the server using regular ssh and the history isn't 100% accurate. The history also shows him running touch, chmod and mkdir without valid arguments, he didn't run rm -rf / so I wouldn't stress.
 
Old 10-16-2006, 09:14 PM   #6
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197Reputation: 197
Let this be a lesson, don't trust tech support to handle issues you can probably handle on your own. Is this your own server or I'm assuming a rented dedicated type host provider your using?
 
Old 10-16-2006, 10:00 PM   #7
usaf_sp
Member
 
Registered: Jul 2005
Location: Tennessee
Distribution: openSUSE
Posts: 419

Rep: Reputation: 30
The proper death command is:

rm /* -rf

I learned this the hard way. I was trying to clean my /tmp folder and forgot to put tmp into the path. LOL I really messed things up.

 
Old 10-16-2006, 10:26 PM   #8
bytez
LQ Newbie
 
Registered: Sep 2006
Location: USA
Distribution: CentOS 4.5
Posts: 27

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by cs-cam
Yes but were all the files on the server removed? I'd be betting that chances are he didn't access the server using regular ssh and the history isn't 100% accurate. The history also shows him running touch, chmod and mkdir without valid arguments, he didn't run rm -rf / so I wouldn't stress.
Thankfully not. Hmm, so why did some commands get logged in the history and some not? Is there any way to log all commands issued by ssh? I noticed some commands I issued don't get logged into the .bash_history file.

Yes, it's a rented dedicated server used to host some websites.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Bash history logging Abunasar Khan Linux - Security 1 10-01-2006 07:24 AM
bash history jasonnth Linux - Software 7 08-08-2006 01:35 AM
Bash history file jinksys Linux - Software 2 07-30-2005 03:58 PM
bash history slowly Linux - General 2 11-12-2004 11:35 AM
Bash History ukndoit Linux - Security 2 10-16-2003 09:02 AM


All times are GMT -5. The time now is 12:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration