Date: Tue, 1 Jul 2003 20:56:30 +0200 (CEST) From: n0n4m3 <n0n4m3@icn.pl> To: Sergei Vyshenski <fbsd4@pn.sinp.msu.ru> Cc: freebsd-stable@freebsd.org Subject: Re: possible intrusion? Message-ID: <20030701205618.Y16933@blue.icn.pl> In-Reply-To: <5.1.1.6.2.20030701150100.00a74aa0@vivaldi.pn.sinp.msu.ru> References: <5.1.1.6.2.20030701150100.00a74aa0@vivaldi.pn.sinp.msu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
whats this ? On Tue, 1 Jul 2003, Sergei Vyshenski wrote: > Today discovered the following in /var/log: > > -rw-r--r-- 1 root wheel 176 Jul 1 14:37 wtmp > -rw-r--r-- 1 root wheel 0 Jul 1 05:20 wtmp.0 > -rw-r--r-- 1 root wheel 0 Jul 1 05:00 wtmp.1 > -rw-r--r-- 1 root wheel 20460 Jul 1 00:19 wtmp.2 > -rw-r--r-- 1 root wheel 0 Jun 1 05:20 wtmp.3 > > While file /etc/newsyslog says: > > /var/log/wtmp root.wheel 644 3 * @01T05 B > > The system is 4.8-STABLE FreeBSD 4.8-STABLE #0: Tue Jun 17 22:09:23 MSD 2003 > > Could this mean the sign of intrusion? > > Thank you very much for any comment ahead of time, > Sergei > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030701205618.Y16933>