 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Fri, Apr 04, 2008 at 09:48:14AM -0400, Ben Holland wrote: > Just as a quick question and i'm not trying to be a dick about it, but if > you have a major file system corruption, why would the ability to know what > files are there be important. There are a few cases where this might be useful. John mentioned a historic one, that I think doesn't really apply anymore... In general, if you have good back-ups, it's probably easier to simply re-install and restore. If you have a kickstart server (or similar), it will take you less than an hour to get your system back, at which point you'll just have to worry about restoring data. However, if your back-ups aren't so great, or you are working in a secure environment where you need to be sure of what happened before you trash the system and restore it, this could come in handy for damage assessment and/or forensic investigation. If, for example, you're concerned that your system might be trojaned, you might want to poke around with something like this. Root kits often trojan the ls command to hide themselves, but it's less common to trojan the shell. Especially if you have extra shells installed, or have a shell installed in an unusual location, root kits will probably miss at least one of those, making it possible to detect files that would be missed with trojaned ls commands. If you inherited a system that does not have good back-ups (I say inherited, because of course everyone here always has good back-ups:), then it might be possible to recover some important config files. Using tricks like this will help you see what you can recover... -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience. _______________________________________________ Discuss mailing list [hidden email] http://lists.blu.org/mailman/listinfo/discuss
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
