Date: Tue, 27 Jan 2004 21:23:45 +0100
From: "Peter Rosa" <prosa@pro.sk>
To: "security at FreeBSD" <freebsd-security@freebsd.org>
Subject: Re: Possible compromise ?
Message-ID: <002801c3e513$774a4040$3501a8c0@peter>
References: <01a901c3e294$8ea8a500$3501a8c0@peter><1653155537.20040126121155@b-o.ru> <003001c3e4f4$dbba7910$3501a8c0@peter> <20040127165741.GA1700@sheol.localdomain>
OK, sorry for the unclear previous message.

In the past, one man taught me the FreeBSD basics and also installed my gateway. At that time, I was not able to install and set up FreeBSD by myself. He left some holes there - e.g. open virtual consoles, unset firewall, etc. As time went on, I learned a lot about Unixes and FreeBSD and I tried to set up my own firewall, and to install and set up some programs (with big help from this and the Questions lists, manpages and other books).

When I tried to set up more security on that system, among other things, I disabled all virtual ttys, because there is no need to connect to this machine remotely (it's located 5 steps from my desk).

In the past, that man connected to my system remotely from various IPs. Now, when I cat /var/log/lastlog, at the very bottom of the file, I can read some connects from remote machines to ttyp0 and ttyp1. It's impossible for me to retrieve connection dates from that file. Of course, I read man last, man wtmp, etc., but there is nothing about the /var/log/lastlog file.

Maybe those lines were added in the deep past, when the machine was open. But maybe it was done in the past few days...

I know that if my machine was compromised, it is impossible to believe in anything on that machine (also kernel, sources). So, are there some other ways to get information about connection dates?

Peter Rosa
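Added example, not part of the original message: /var/log/lastlog is a binary file of fixed-size records indexed by UID, so `cat` shows only the tty and host strings while the login time sits in each record as a binary integer. The sketch below decodes those times; the 28-byte record layout is an assumption taken from the FreeBSD 4.x/5.x i386 `<utmp.h>` (it is not stated in the message), and the sample data is constructed.

```python
import struct
from datetime import datetime, timezone

# Assumed layout (FreeBSD 4.x/5.x i386 <utmp.h>, not stated in the message):
#   struct lastlog { int32 ll_time; char ll_line[8]; char ll_host[16]; };
REC = struct.Struct("<i8s16s")  # 28 bytes, little-endian


def _text(raw):
    # Fields are NUL-padded and not terminated when completely full.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_lastlog(data):
    """Return (uid, utc_time, tty, host) for every UID that has logged in."""
    entries = []
    usable = len(data) - len(data) % REC.size  # ignore a truncated tail
    for offset in range(0, usable, REC.size):
        ll_time, ll_line, ll_host = REC.unpack_from(data, offset)
        if ll_time == 0:  # slot for a UID that never logged in
            continue
        when = datetime.fromtimestamp(ll_time, tz=timezone.utc)
        entries.append((offset // REC.size, when, _text(ll_line), _text(ll_host)))
    return entries


def remote_logins(entries):
    """Keep entries on network pseudo-terminals (ttyp*) with a host recorded."""
    return [e for e in entries if e[2].startswith("ttyp") and e[3]]


def build_sample():
    # Constructed sample, not data from the mailing-list post.
    blank = REC.pack(0, b"", b"")
    console = REC.pack(1075000000, b"ttyv0", b"")
    remote = REC.pack(1042000000, b"ttyp0", b"192.0.2.10")
    # UID 0 on the console, UIDs 1..1000 never used, UID 1001 remote.
    return console + blank * 1000 + remote + b"\x00\x01"  # plus truncated tail


if __name__ == "__main__":
    for uid, when, tty, host in remote_logins(parse_lastlog(build_sample())):
        print(f"uid={uid} {when:%Y-%m-%d %H:%M:%S} UTC {tty} from {host}")
```

Run it on a copy of the file read from a trusted system. The file keeps only the most recent login per UID, and a timestamp taken from a host that may be compromised is no more trustworthy than the host itself.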