your presentation @hal_pomeranz couldnt have been more timely, I have a linux box, suspect SSH connections, no bash_history ..hunting!
1
@MissMuppetz /var/log/wtmp and your log files like /var/log/secure (or auth.log) and /var/log/audit/audit.log should track remote SSH conns
Mar 20, 2012 · 10:13 AM UTC
1
1