Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jan 2004 10:57:41 -0600
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        Peter Rosa <prosa@pro.sk>
Cc:        security at FreeBSD <freebsd-security@freebsd.org>
Subject:   Re: Possible compromise ?
Message-ID:  <20040127165741.GA1700@sheol.localdomain>
In-Reply-To: <003001c3e4f4$dbba7910$3501a8c0@peter>
References:  <01a901c3e294$8ea8a500$3501a8c0@peter> <1653155537.20040126121155@b-o.ru> <003001c3e4f4$dbba7910$3501a8c0@peter>

next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 27, at 05:44 PM, Peter Rosa wrote:
> 
> Hello,
> 
> please, is there some way to list ALL users, who connect remotely to my
> machine ? It is our gateway, so it should be one-user machine, but if I list
> /var/log/lastlog binary file, there are some lines showing usage of ttyp0.

`man lastlog` explains that file (and others), and the "SEE ALSO" section
lists pertinent commands.

> That console I have disabled in ttys, so why there are that lines ? How
> could I make FreeBSD to show that file in readable way ?

`man last`.

> Was my machine compromised ?

Not enough info to go on. `last` just may show the last time the admin
was on tty0, disabling tty0.

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040127165741.GA1700>