last command - strange entries?
Neo-Vortex
root at Neo-Vortex.net
Thu Jun 16 13:24:33 GMT 2005
On Wed, 15 Jun 2005, Saurabh Bhasin wrote:
> Greetings,
>
> I am seeing strange entries when i perform "last -20" for example.
> Here's a sample output becuase I can not seem to make any sense out of
> this in the last two days and can't find any information online. Any
> help is appreciated.
>
> 0 F=°Bttyp Wed Dec 31 16:00 still logged in
> 0 6Û¯Bttyp Wed Dec 31 16:00 still logged in
> 0 mÚ¯Bttyp Wed Dec 31 16:00 still logged in
> 7 mÚ¯Bttyv Wed Dec 31 16:00 still logged in
> 0 ¯Bttyp Wed Dec 31 16:00 still logged in
> 0 (o¯Bttyp Wed Dec 31 16:00 still logged in
> 2 ëg¯Bttyp Wed Dec 31 16:00 still logged in
> .
>
> and it keeps going for 20 lines.
The last command uses /var/log/wtmp and /var/log/utmp (mabe even
/var/log/lastlog) - anyway, the point is, it uses those files to get the
information, now, it appears as if they have become corrupt, mabe by
userland/kernel land desynch? bad upgrade? tried a reboot?
Else, can you give us more details about the system, past upgrades,
intrusions?
~NVX
More information about the freebsd-security
mailing list