Date: Thu, 16 Jun 2005 23:24:30 +1000 (EST) From: Neo-Vortex <root@Neo-Vortex.net> To: Saurabh Bhasin <sbhasin@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: last command - strange entries? Message-ID: <20050616232236.A26561@Neo-Vortex.net> In-Reply-To: <ac867641050615092469fe7158@mail.gmail.com> References: <ac867641050615092469fe7158@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 15 Jun 2005, Saurabh Bhasin wrote: > Greetings, > > I am seeing strange entries when i perform "last -20" for example. > Here's a sample output becuase I can not seem to make any sense out of > this in the last two days and can't find any information online. Any > help is appreciated. > > 0 F=3D=B0Bttyp Wed Dec 31 16:00 still l= ogged in > 0 6=DB=AFBttyp Wed Dec 31 16:00 still l= ogged in > 0 m=DA=AFBttyp Wed Dec 31 16:00 still l= ogged in > 7 m=DA=AFBttyv Wed Dec 31 16:00 still l= ogged in > 0 =AFBttyp Wed Dec 31 16:00 still logge= d in > 0 (o=AFBttyp Wed Dec 31 16:00 still log= ged in > 2 =EBg=AFBttyp Wed Dec 31 16:00 still l= ogged in > . > > and it keeps going for 20 lines. The last command uses /var/log/wtmp and /var/log/utmp (mabe even /var/log/lastlog) - anyway, the point is, it uses those files to get the information, now, it appears as if they have become corrupt, mabe by userland/kernel land desynch? bad upgrade? tried a reboot? Else, can you give us more details about the system, past upgrades, intrusions? ~NVX
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050616232236.A26561>