Date: Tue, 27 Jan 2004 18:55:47 +0200 From: Peter Pentchev <roam@ringlet.net> To: Peter Rosa <prosa@pro.sk> Cc: freebsd-security@freebsd.org Subject: Re: Possible compromise ? Message-ID: <20040127165547.GB730@straylight.m.ringlet.net> In-Reply-To: <003001c3e4f4$dbba7910$3501a8c0@peter> References: <01a901c3e294$8ea8a500$3501a8c0@peter> <1653155537.20040126121155@b-o.ru> <003001c3e4f4$dbba7910$3501a8c0@peter>
next in thread | previous in thread | raw e-mail | index | archive | help
--K8nIJk4ghYZn606h Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 27, 2004 at 05:44:40PM +0100, Peter Rosa wrote: > Hello, >=20 > please, is there some way to list ALL users, who connect remotely to my > machine ? It is our gateway, so it should be one-user machine, but if I l= ist > /var/log/lastlog binary file, there are some lines showing usage of ttyp0. > That console I have disabled in ttys, so why there are that lines ? How > could I make FreeBSD to show that file in readable way ? >=20 > Was my machine compromised ? ttyp0 is the first pseudo-tty. Pseudo-ttys may be created for many purposes, but the most common ones by far are 1. remote logins (telnet, SSH, or the like), and 2. utilities such as 'screen'. If you, or somebody else, has ever opened a telnet or SSH connection to the machine in question, then FreeBSD would have accepted the remote login on a pseudo-tty. The first such login would be on ttyp0, the second - if there are two at the same time - would be on ttyp1, and so on. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it. --K8nIJk4ghYZn606h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAFpgT7Ri2jRYZRVMRAv7hAJwK202/zB/05JaecKY+oX3zxPoOigCgk+yg +T7uyj1kbZltAnXdbQ883QA= =jx8M -----END PGP SIGNATURE----- --K8nIJk4ghYZn606h--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040127165547.GB730>