Possible compromise ?

Eric Anderson anderson at centtech.com
Tue Jan 27 12:50:48 PST 2004


Peter Rosa wrote:
> As Mr. Anderson wrote, I tried last -f /var/log/lastlog and got what is in the
> attachment.
> Unreadable chaos, bad dates. Maybe lastlog does not have the exact structure for
> last, does it?
> 
> PR
> 
> 
> ------------------------------------------------------------------------
> 
> ttyp2                     067.mbne         Thu Jan  1 01:00 - 08:08 (9012+06:08)
> m@ttyv0                                  Thu Jan  1 01:00   still logged in
> 0                hö&=ttyp 160-             Thu Jan  1 01:00   still logged in
> 0                d¶Ñ?ttyv                  Thu Jan  1 01:00   still logged in
> 
> wtmp begins Thu Jan  1 01:00:00 CET 1970

lastlog needs wtmp, so you should do:

last -f /var/log/wtmp
which is the default action if you just run last with no arguments.

Eric



-- 
------------------------------------------------------------------
Eric Anderson     Sr. Systems Administrator    Centaur Technology
Today is the tomorrow you worried about yesterday.
------------------------------------------------------------------
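
Added example, not part of the original message: a sketch of why pointing `last -f` at `/var/log/lastlog` prints shifted fields and bad dates, given that the two files hold different fixed-size records. The record layouts are assumed from the historical FreeBSD `<utmp.h>`, and all sample bytes are constructed.

```python
import struct

# Assumed record layouts from the historical FreeBSD <utmp.h> (32-bit time,
# UT_LINESIZE=8, UT_NAMESIZE=16, UT_HOSTSIZE=16); verify on the target system.
LASTLOG = struct.Struct("<i8s16s")    # ll_time, ll_line, ll_host  (28 bytes)
WTMP = struct.Struct("<8s16s16si")    # ut_line, ut_name, ut_host, ut_time (44 bytes)

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("latin-1")

def _records(layout, data):
    """Yield unpacked fixed-size records, ignoring a trailing partial one."""
    for off in range(0, len(data) - layout.size + 1, layout.size):
        yield layout.unpack_from(data, off)

def parse_lastlog(data):
    """lastlog is indexed by uid: record N is the last login of uid N."""
    return [(uid, t, _text(line), _text(host))
            for uid, (t, line, host) in enumerate(_records(LASTLOG, data)) if t]

def parse_wtmp(data):
    """wtmp is an append-only sequence of login/logout records."""
    return [(_text(line), _text(name), _text(host), t)
            for line, name, host, t in _records(WTMP, data)]

def plausible_wtmp(rows, earliest=946684800):
    """Heuristic: every record has a printable line and a time >= 2000-01-01."""
    return bool(rows) and all(line.isprintable() and t >= earliest
                              for line, _, _, t in rows)

# Constructed sample lastlog: uid 0 never logged in, uids 1-3 did.
SAMPLE_LASTLOG = b"".join([
    LASTLOG.pack(0, b"", b""),
    LASTLOG.pack(1075200000, b"ttyp2", b"192.0.2.10"),
    LASTLOG.pack(1075210000, b"ttyv0", b""),
    LASTLOG.pack(1075220000, b"ttyp1", b"198.51.100.7"),
])
# Constructed sample wtmp with one login record.
SAMPLE_WTMP = WTMP.pack(b"ttyp2", b"alice", b"192.0.2.10", 1075200000)

if __name__ == "__main__":
    print("as lastlog:", parse_lastlog(SAMPLE_LASTLOG))
    print("as wtmp   :", parse_wtmp(SAMPLE_LASTLOG))   # fields land in wrong columns
    print("plausible?", plausible_wtmp(parse_wtmp(SAMPLE_LASTLOG)),
          plausible_wtmp(parse_wtmp(SAMPLE_WTMP)))
```

A failed plausibility check on a file read with the wrong layout indicates a format mismatch, which is worth ruling out before treating garbled `last` output as a sign of log tampering.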