Hello,
I came across a scenario in a book and don't understand one part of it. There was an example of commands an intruder ran on a compromised box. The hacker created two files .etcpassword and .etc. The command he ran was
#touch -amcr /etc/x11/aplink/internet/.etc and
#touch -amcr /etc/x11/aplink/internet/.etcpassword
I get that the touch is changing the attributes of the files, and the -a, -m, -c are to change the access, modification and change time, but I don't understand what the -r switch is actually doing. The man page says use this file's times instead of the current times. From what I gather the command is telling the system to use the mac times of another file to show that the mac attributes of the file were not recently changed.
thanks,
mark
Hi Mark
-a, -m, -c are to change the access, modification and change time,
man touch
-a change only the access time
-c, --no-create do not create any files
-m change only the modification time
-r, --reference=FILE use this file's times instead of current time
(Note the -c is not to interfere with the Change time.)
Your example has a syntax error. The command specifies the -r operator but no other file is referenced.
If the line had referenced another file, it would have changed the file's attributes to that of the reference file, i.e. Access and Modify times.
The Change time would reflect the time that the touch command was issued and not that of the reference file.
Kern
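
The behaviour described in the reply above, as an added example that is not part of the original thread: it copies access and modify times from a reference file with `touch -r`, then shows that the change time still records when the command ran, which is what an examiner can check for. It assumes GNU coreutils `stat` (the `-c` format option); the file names, the temporary directory and the one-day threshold are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: touch -r copies atime/mtime but cannot set ctime.
# Assumes GNU coreutils stat (-c). All paths here are constructed.

# Print "atime mtime ctime" in epoch seconds for one file.
mac_times() {
    stat -c '%X %Y %Z' "$1"
}

# Succeed if ctime is more than $2 seconds later than mtime.
# This is a lead, not proof: chmod, chown and rename also update ctime.
ctime_after_mtime() {
    m=$(stat -c '%Y' "$1")
    c=$(stat -c '%Z' "$1")
    [ $((c - m)) -gt "$2" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    ref="$dir/reference"
    new="$dir/newfile"

    touch -t 200001010000 "$ref"   # constructed "old" reference file
    : > "$new"                      # new file, all three times are "now"
    echo "before: $(mac_times "$new")"

    touch -am -r "$ref" "$new"      # take atime and mtime from the reference
    echo "after:  $(mac_times "$new")"
    echo "ref:    $(mac_times "$ref")"

    # atime and mtime now match the reference, ctime is still the present.
    if ctime_after_mtime "$new" 86400; then
        echo "flag: ctime is more than a day later than mtime on $new"
    fi
    rm -rf "$dir"
}

demo
```

In the output, the first two fields of the "after" line match the reference file while the third stays at the time the command was issued.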