If i understud it correctly, you are using Windows station in your work. Propably in your work are many Windows workstations all connected to LAN with firewall and proxy to the Internet. What could happened? 1.) you forgot to log off when you left your computer and somebody misused your account (5 min is enough to copy file from CD to your directory) 2.) somebody cracked your password and now has free access to your account 3.) somebody cracked system administrator password 4.) you have set write permision for everybody for your directory 5.) you share your directory with full access with samba (sharing of files) 6.) extra-terrestrials has cracked your computer, becouse you are standing in their way - you must contact MIB What can be checked? 1.) proxy log files (if and when this files have been downloaded) - administrator must do it. If there is no entry for this files in proxy log files, that mean, that files has not been downloaded from Internet. 2.) last modification of files and directory to find out the time of this act. But this can be easyly changed. 3.) log files to see when you have been logen on, but you have not been in work at that time (i don't know names and location of this log files) To be sure, contact also MIB. On Tue, 2004-05-11 at 23:14, Josh wrote: > Hello, > I am having a problem. Someone in my workplace downloaded many files, > some porn onto my user directory. I was framed for it, and eventually > the matter was settled but it is still not known who committed this act. > I want to find out who was able to bypass permissions and save these > files into my directory. I am sorry to say that my workplace uses a > windows system, so it couldn't just be "root"! Are there any recommended > log generators that I can use to discreetly monitor if my account is > being accessed and where from. Somehow the perpetrator was able to make > it seem as if I had logged on as someone else, but saved the files into > my directory. I know you guys can solve it, after all we are linux users! > > Thanks for the help, > Josh - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
