[SunHELP] last command not working
Sheldon T. Hall
shel at cmhcsys.com
Tue Nov 2 11:22:35 CST 2004
On Fri, 29 Oct 2004 00:42:54 -0400, Lund, Dennis <dennis.lund at sciatl.com>
wrote:
> We have and issue were the "last" command is NOT displaying
> accurate data.
> The command only displays login data from May 2004.
Have you ruled out the possibility that the machine has been compromised,
and the last command replaced by the attacker? If the box has been rooted,
I'd expect several commands to have been replaced, especially last, ls, ps,
and other things that would let you check for files and users.
If you feel the box is safe, have you searched for other wtmp, wtmpx, utmp,
and utmpx files and links to same?
-Shel
More information about the SunHELP
mailing list