Date: Tue, 27 Jan 2004 10:57:41 -0600 From: D J Hawkey Jr <hawkeyd@visi.com> To: Peter Rosa <prosa@pro.sk> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: Possible compromise ? Message-ID: <20040127165741.GA1700@sheol.localdomain> In-Reply-To: <003001c3e4f4$dbba7910$3501a8c0@peter> References: <01a901c3e294$8ea8a500$3501a8c0@peter> <1653155537.20040126121155@b-o.ru> <003001c3e4f4$dbba7910$3501a8c0@peter>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 27, at 05:44 PM, Peter Rosa wrote:
>
> Hello,
>
> please, is there some way to list ALL users, who connect remotely to my
> machine ? It is our gateway, so it should be one-user machine, but if I list
> /var/log/lastlog binary file, there are some lines showing usage of ttyp0.
`man lastlog` explains that file (and others), and the "SEE ALSO" section
lists pertinent commands.
> That console I have disabled in ttys, so why there are that lines ? How
> could I make FreeBSD to show that file in readable way ?
`man last`.
> Was my machine compromised ?
Not enough info to go on. `last` just may show the last time the admin
was on tty0, disabling tty0.
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040127165741.GA1700>