Re: Possible compromise ?

From: Eric Anderson (anderson_at_centtech.com)
Date: 01/27/04

  • Next message: Remko Lodder: "RE: [Freebsd-security] Re: Possible compromise ?"
    Date: Tue, 27 Jan 2004 14:47:52 -0600
    To: Peter Rosa <prosa@pro.sk>
    
    

    Peter Rosa wrote:
    > As Mr. Anderson wrote, I tried last -f /var/log/lastlog and got what is in
    > the attachment.
    > Unreadable chaos, bad dates. Maybe lastlog does not have the exact structure
    > for last, does it?
    >
    > PR
    >
    >
    > ------------------------------------------------------------------------
    >
    > ttyp2 067.mbne Thu Jan 1 01:00 - 08:08 (9012+06:08)
    > m@ttyv0 Thu Jan 1 01:00 still logged in
    > 0 hö&=ttyp 160- Thu Jan 1 01:00 still logged in
    > 0 d¶Ñ?ttyv Thu Jan 1 01:00 still logged in
    >
    > wtmp begins Thu Jan 1 01:00:00 CET 1970

    lastlog needs wtmp, so you should do:

    last -f /var/log/wtmp

    which is the default action if you just run last with no arguments.

    Eric

    -- 
    ------------------------------------------------------------------
    Eric Anderson     Sr. Systems Administrator    Centaur Technology
    Today is the tomorrow you worried about yesterday.
    ------------------------------------------------------------------
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
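
Why the output quoted in this message is unreadable, as an added example that is not part of the original message: last decodes its input as utmp records, while lastlog holds a different record indexed by UID. The record layouts are an assumption (FreeBSD's `<utmp.h>` of that era with a 32-bit time_t), and the sample file is constructed.

```python
import struct

# Assumed layouts (FreeBSD <utmp.h> of that era, i386, 32-bit time_t).
LASTLOG = struct.Struct("<i8s16s")    # ll_time, ll_line, ll_host          = 28 bytes
UTMP = struct.Struct("<8s16s16si")    # ut_line, ut_name, ut_host, ut_time = 44 bytes


def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def read_as_wtmp(blob):
    """Decode blob as consecutive utmp records, which is what last expects."""
    out = []
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        line, name, host, when = UTMP.unpack_from(blob, off)
        out.append((text(name), text(line), text(host), when))
    return out


def read_as_lastlog(blob):
    """Decode blob as lastlog: one record per UID, empty slots skipped."""
    out = {}
    for uid in range(len(blob) // LASTLOG.size):
        when, line, host = LASTLOG.unpack_from(blob, uid * LASTLOG.size)
        if when:
            out[uid] = (text(line), text(host), when)
    return out


def make_lastlog(entries, nuids):
    """Build a constructed lastlog image with nuids slots."""
    blob = bytearray(LASTLOG.size * nuids)
    for uid, (when, line, host) in entries.items():
        LASTLOG.pack_into(blob, uid * LASTLOG.size, when, line, host)
    return bytes(blob)


# Constructed sample: UID 0 on the console, UID 2 over the network.
SAMPLE = make_lastlog({0: (1075236472, b"ttyv0", b""),
                       2: (1075236000, b"ttyp2", b"host.example.net")}, nuids=4)

if __name__ == "__main__":
    print("read as lastlog:", read_as_lastlog(SAMPLE))
    # Misaligned fields: timestamp bytes show up inside the tty name,
    # the user becomes "0", and ut_time lands on zeros (1 Jan 1970).
    for rec in read_as_wtmp(SAMPLE):
        print("read as wtmp:   ", rec)
```

The misread records show the same pattern as the quoted output: binary timestamp bytes prefixed to `ttyv`, a user column of `0`, and epoch dates.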
    
