Rebuilding wtmp
Kyle Mott
kyle at xraided.net
Wed Jul 14 10:05:07 PDT 2004
Hi Doug, thanks for the reply. I found out all I needed to do was
recompile SSH from ports. It now works just fine. Thanks!
-Kyle Mott
> -----Original Message-----
> From: Doug White [mailto:dwhite at gumbysoft.com]
> Sent: Tuesday, July 13, 2004 7:10 PM
> To: Kyle Mott
> Cc: freebsd-stable at freebsd.org
> Subject: Re: Rebuilding wtmp
>
> On Mon, 12 Jul 2004, Kyle Mott wrote:
>
> > Hi, I have several systems that report 'w' and 'who' wrong/corrupted:
> > root at neo:~# w
> > USER TTY FROM LOGIN@ IDLE WHAT
> > kyle p0 - 31Dec69 - w
> >
> > Obviously, Dec 31st 1969 is not right:
> > root at neo:~# date
> > Mon Jul 12 11:27:15 PDT 2004
>
> You might make sure your w/who binary hasn't been fiddled with. Changes
> like this tend to point to a disagreement among utmp/wtmp writers about
> the file format.
>
> I've seen this where w was trojaned to mask certain user logins.
>
> --
> Doug White | FreeBSD: The Power to Serve
> dwhite at gumbysoft.com | www.FreeBSD.org
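
The format disagreement described in the quoted reply can be checked for directly; the following is an added example, not part of the original thread or of FreeBSD. It assumes the legacy little-endian `struct utmp` layout (8-byte line, 16-byte name, 16-byte host, 32-bit time, 44 bytes per record); confirm the layout against your system's `utmp.h`, and note that all sample records are constructed.

```python
import struct

# Assumed legacy layout: ut_line[8], ut_name[16], ut_host[16], int32 ut_time.
REC = struct.Struct("<8s16s16si")   # little-endian (i386 assumed), 44 bytes
MIN_TIME = 315532800                # 1980-01-01 UTC; earlier logins are implausible


def _text(raw):
    """Return the NUL-terminated field, or None if it holds non-printable bytes."""
    s = raw.split(b"\0", 1)[0]
    if any(b < 0x20 or b > 0x7E for b in s):
        return None
    return s.decode("ascii")


def audit_utmp(data, now):
    """Return (record_index, problem) findings for raw utmp/wtmp bytes."""
    findings = []
    if len(data) % REC.size:
        findings.append((None, "file size %d is not a multiple of %d"
                         % (len(data), REC.size)))
    for i in range(len(data) // REC.size):
        line, name, host, t = REC.unpack_from(data, i * REC.size)
        if not any(name):
            continue  # empty slot, nobody logged in on this tty
        if None in (_text(line), _text(name), _text(host)):
            findings.append((i, "non-printable bytes in a text field"))
        if t < MIN_TIME or t > now:
            findings.append((i, "implausible ut_time %d" % t))
    return findings


# Constructed sample data. GOOD uses the assumed layout; SHORT is what a
# hypothetical writer built with an 8-byte name field (36-byte record) emits.
GOOD = REC.pack(b"ttyp0", b"kyle", b"10.0.0.5", 1089655635)
SHORT = struct.pack("<8s8s16si", b"ttyp1", b"kyle", b"", 1089655700)
NOW = 1089824707  # constructed "current time" in July 2004

if __name__ == "__main__":
    # Read as 44-byte records, record 0 has an empty host and takes its
    # ut_time from the bytes b"0\0\0\0" of the next tty name, i.e. 48.
    for idx, problem in audit_utmp(SHORT + GOOD, NOW):
        print(idx, problem)
```

A record with a valid user name, an empty host and a login time a few seconds after the epoch is the same picture `w` gave above, and it comes from misaligned records rather than from a wrong clock.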