Disappearing entries in wtmp
From: Praise (praisetazio@tiscalinet.it)Date: 11/18/01
- Previous message: Phil Brutsche: "Re: Unapproved updates"
- Next in thread: Scott Gifford: "Re: Disappearing entries in wtmp"
- Reply: Scott Gifford: "Re: Disappearing entries in wtmp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011118000351.6195.qmail@securityfocus.com> From: Praise <praisetazio@tiscalinet.it> To: focus-linux@securityfocus.com, suse-security@suse.com, suse-linux-e@suse.com Subject: Disappearing entries in wtmp Date: Sun, 18 Nov 2001 01:04:08 +0100
Hello all,
Everything is looking normal in my machine, but today I got this problem:
entries are disapearing from wtmp.
I run "last" when I saw that older entries I was used to see there was not
any more. Then I run chkwtmp-1.0 and it said I got
2 deletions between Sat Nov 17 15:37:25 2001 and Sat Nov 17 17:09:31 2001
3 deletions between Sat Nov 17 19:53:39 2001 and Sat Nov 17 20:46:39 2001
42 deletions between Sat Nov 21:00:00 2001 and Sat Nov 17 23:57:53 2001
I have run ./chkrootkit-0.34 and it found the deleted entries (the program is
the same), but nothing else.
I have run tripwire too, and it found just nothing to be changed.
Moreover, I have been logged in my system remotely, and I have not found
anything strange in the machine except the disappearing last entries.
lastlog looks untouched though.
Other logs does not indicate anything dangerous or unusual, except the almost
usual port scan last night.
So, here it is my question: do I _have_ to be hacked? Or might be a mistake
of chkwtmp? Have everyone else experienced this?
Praise
- Previous message: Phil Brutsche: "Re: Unapproved updates"
- Next in thread: Scott Gifford: "Re: Disappearing entries in wtmp"
- Reply: Scott Gifford: "Re: Disappearing entries in wtmp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
