Re: Possible compromise ?

From: Peter Rosa (prosa_at_pro.sk)
Date: 01/27/04

Next message: Nicolas Rachinsky: "Re: Possible compromise ?"

Previous message: Remko Lodder: "RE: [Freebsd-security] Re: Possible compromise ?"
In reply to: Eric Anderson: "Re: Possible compromise ?"
Next in thread: Nicolas Rachinsky: "Re: Possible compromise ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "security at FreeBSD" <freebsd-security@freebsd.org>
Date: Tue, 27 Jan 2004 21:56:20 +0100

OK, tried, but all four wtmp files ar clean (the are wtmp, wtmp.0....wtmp.3
in /var/log).
The only place, where those connections are mentioned, is the lastlog file.

----- Original Message -----
From: "Eric Anderson" <anderson@centtech.com>
To: "Peter Rosa" <prosa@pro.sk>
Cc: "security at FreeBSD" <freebsd-security@freebsd.org>
Sent: Tuesday, January 27, 2004 9:47 PM
Subject: Re: Possible compromise ?

> Peter Rosa wrote:
> > As Mr. Anderson wrote, I tried last -f /var/log/lastlog and get, what is
in
> > attachment.
> > Unreadable chaos, bad dates. May be, lastlog has not exact structure for
> > last, isn't it ?
> >
> > PR
> >
> >
> > ------------------------------------------------------------------------
> >
> > ttyp2 067.mbne Thu Jan 1 01:00 - 08:08
(9012+06:08)
> > m@ttyv0 Thu Jan 1 01:00 still
logged in
> > 0 hö&=ttyp 160- Thu Jan 1 01:00 still
logged in
> > 0 d¶Ñ?ttyv Thu Jan 1 01:00 still
logged in
> >
> > wtmp begins Thu Jan 1 01:00:00 CET 1970
>
> lastlog needs wtmp, so you should do:
>
> last -f /var/log/wtmp
> which is the default action if you just last with no arguments.
>
> Eric
>
>
>
> --
> ------------------------------------------------------------------
> Eric Anderson Sr. Systems Administrator Centaur Technology
> Today is the tomorrow you worried about yesterday.
> ------------------------------------------------------------------
>

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Nicolas Rachinsky: "Re: Possible compromise ?"

Previous message: Remko Lodder: "RE: [Freebsd-security] Re: Possible compromise ?"
In reply to: Eric Anderson: "Re: Possible compromise ?"
Next in thread: Nicolas Rachinsky: "Re: Possible compromise ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: OpenSSH, AIX and lastlog
... >OpenSSH 3.4 is not making entries of any kind in the lastlog file. ... IBM changed the format of the wtmp entries between 4.x and 5.x for some ... Were your binaries compiled on AIX 4? ...
(comp.security.ssh)
Re: Lsuser Not Reporting Correctly
... My solution would be to clear out lastlog via>lastlog and let it recreate ... when I try and view the lastlog file I get a "out of memory" error, ... Confidentiality Notice ...
(AIX-L)
Re: Possible compromise ?
... As Mr. Anderson wrote, I tried last -f /var/log/lastlog and get, what is in ... Unreadable chaos, bad dates. ... lastlog has not exact structure for ...
(FreeBSD-Security)
Re: Possible compromise ?
... > Unreadable chaos, bad dates. ... lastlog has not exact structure for ... To unsubscribe, ...
(FreeBSD-Security)