[SunHELP] last command not working (topo's corrected)
Fabio
fabio at crearium.com
Fri Oct 29 02:07:40 CDT 2004
Lund, Dennis wrote:
>We have and issue were the "last" command is NOT displaying accurate data.
>The command only displays login data from May 2004.
>
>The wtmpx file is updating when a user logs into the server, but logins from
>May 31st and earlier are the only logins displayed.
>
>Example:
>
>wallacc pts/14 xxx.xxx.xxx.xxx Mon May 31 15:20 - 15:29 (00:08)
>perryc pts/14 xxx.xxx.xxx.xxx Mon May 31 11:37 - 11:43 (00:06)
>perryc pts/14 xxx.xxx.xxx.xxx Mon May 31 08:58 - 10:57 (01:58)
>
>I have run a few tests on another system:
>
>1. cat /dev/null wtmpx (last still works showing login data)
>2. cat /dev/null utmpx (last still works)
>3. cat /dev/null lastlog (last still works)
>
>
>
Telnet or ssh to the machine, on the system, truss the login process to
see if it attempts to log the session and gives an error.
It is also a typical scenario after an intruder rooted the machine.
Check inetd.conf to see what options are set when telnetd/sshd is executed.
ebar.
More information about the SunHELP
mailing list