An attacker with shell access to a Linux server can manipulate, or perhaps even ruin, anything they have access to. While many more subtle attacks could provide significant value to a hacker, most attacks also leave traces. These traces, of course, can also be manipulated and avoided through methods such as shell scripting.
Finding evidence of an attack can start with a trace left behind by an attacker, such as a file modification date. Every time a file is created, modified, or, in Unix terminology, “touched,” its modification time is generally updated. Every file within a Linux…