Re: Possible compromise ?

From: Peter Rosa (prosa_at_pro.sk)
Date: 01/27/04

    To: "security at FreeBSD" <freebsd-security@freebsd.org>
    Date: Tue, 27 Jan 2004 21:56:20 +0100
    
    

    OK, tried, but all four wtmp files are clean (they are wtmp, wtmp.0 ... wtmp.3
    in /var/log).
    The only place, where those connections are mentioned, is the lastlog file.

    PR

    ----- Original Message -----
    From: "Eric Anderson" <anderson@centtech.com>
    To: "Peter Rosa" <prosa@pro.sk>
    Cc: "security at FreeBSD" <freebsd-security@freebsd.org>
    Sent: Tuesday, January 27, 2004 9:47 PM
    Subject: Re: Possible compromise ?

    > Peter Rosa wrote:
    > > As Mr. Anderson wrote, I tried last -f /var/log/lastlog and get what is in
    > > the attachment.
    > > Unreadable chaos, bad dates. Maybe lastlog does not have the exact structure
    > > for last, does it?
    > >
    > > PR
    > >
    > >
    > > ------------------------------------------------------------------------
    > >
    > > ttyp2 067.mbne Thu Jan 1 01:00 - 08:08 (9012+06:08)
    > > m@ttyv0 Thu Jan 1 01:00 still logged in
    > > 0 h&=ttyp 160- Thu Jan 1 01:00 still logged in
    > > 0 d?ttyv Thu Jan 1 01:00 still logged in
    > >
    > > wtmp begins Thu Jan 1 01:00:00 CET 1970
    >
    > lastlog needs wtmp, so you should do:
    >
    > last -f /var/log/wtmp
    > which is the default action if you just run last with no arguments.
    >
    > Eric
    >
    >
    >
    > --
    > ------------------------------------------------------------------
    > Eric Anderson Sr. Systems Administrator Centaur Technology
    > Today is the tomorrow you worried about yesterday.
    > ------------------------------------------------------------------
    >
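
The following is an added example, not part of the original message or of FreeBSD: a reader for the lastlog file that the thread tried to open with last(1). It assumes the FreeBSD 4.x/5.x record layout from <utmp.h> with a 32-bit little-endian timestamp; the function names and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumed record layout (FreeBSD 4.x/5.x <utmp.h>, i386 byte order):
#   struct lastlog { int32 ll_time; char ll_line[8]; char ll_host[16]; }
# One 28-byte record per UID, stored at offset uid * 28. wtmp holds 44-byte
# struct utmp records (line[8], name[16], host[16], time) instead, so
# last(1) misaligns every field when it is pointed at lastlog.
LASTLOG = struct.Struct("<i8s16s")

def _cstr(raw):
    """Decode a NUL-padded fixed-width field (it may lack a terminator)."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_lastlog(data, uid_to_name=None):
    """Return (uid, user, utc_time, tty, host) for each UID with a recorded login."""
    names = uid_to_name or {}
    out = []
    for uid in range(len(data) // LASTLOG.size):
        ts, line, host = LASTLOG.unpack_from(data, uid * LASTLOG.size)
        if ts == 0:  # empty slot: this UID has never logged in
            continue
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
        out.append((uid, names.get(uid, "uid%d" % uid), when, _cstr(line), _cstr(host)))
    return out

def build_sample():
    """Constructed sample file: a console login for UID 0, a remote one for UID 1001."""
    buf = bytearray(LASTLOG.size * 1002)
    LASTLOG.pack_into(buf, 0, 1075150000, b"ttyv0", b"")
    LASTLOG.pack_into(buf, 1001 * LASTLOG.size, 1075236980, b"ttyp2", b"host.example.net")
    return bytes(buf)

if __name__ == "__main__":
    import sys
    # Pass the path of a copy of the lastlog file, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for uid, user, when, tty, host in parse_lastlog(data):
        print("%-6d %-10s %s %-8s %s" % (uid, user, when.isoformat(), tty, host))
```

lastlog keeps only the most recent login per UID, so it shows that an account was used and from where, but not the session history that wtmp would hold.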
