From owner-freebsd-questions@FreeBSD.ORG  Sat Nov 15 08:04:01 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AE1C71065692
	for <freebsd-questions@freebsd.org>;
	Sat, 15 Nov 2008 08:04:01 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl
	[IPv6:2001:4070:101:2::1])
	by mx1.freebsd.org (Postfix) with ESMTP id DCF1E8FC19
	for <freebsd-questions@freebsd.org>;
	Sat, 15 Nov 2008 08:04:00 +0000 (UTC)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from wojtek.tensor.gdynia.pl (localhost [IPv6:::1])
	by wojtek.tensor.gdynia.pl (8.14.3/8.14.2) with ESMTP id mAF83u2S019887;
	Sat, 15 Nov 2008 09:03:56 +0100 (CET)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Received: from localhost (wojtek@localhost)
	by wojtek.tensor.gdynia.pl (8.14.3/8.14.2/Submit) with ESMTP id
	mAF83u9h019884; Sat, 15 Nov 2008 09:03:56 +0100 (CET)
	(envelope-from wojtek@wojtek.tensor.gdynia.pl)
Date: Sat, 15 Nov 2008 09:03:56 +0100 (CET)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: Lisa Casey <lisa@mail.jellico.com>
In-Reply-To: <20081114215444.C8966@mail.jellico.com>
Message-ID: <20081115090330.U19870@wojtek.tensor.gdynia.pl>
References: <B8B09B39A8884900970CF2434D40F6C4@CaseyHome>
	<BAY122-DAV1214B45821956EB1D7B782BA110@phx.gbl>
	<692726B5-52B5-46AC-9C79-41553179AF36@comcast.net>
	<20081114215444.C8966@mail.jellico.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-questions@freebsd.org
Subject: Re: Question about entry in auth.log
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Nov 2008 08:04:01 -0000

> Very odd. Sigh, Michael is not vacationing in Romania. Doubt he's ever been 
> there. I got rid of the michael account (it wasn't used anyway), and 
> downloaded a new copy of chkrootkit, installed it and ran it along with 
> chklastlog and chkwtmp. Nothing was found. Pehaps this was a harmless enough 
> prank? Anything else I ought to look at? Fortunately the michael account did 
> not have te ability to su to root.
it doesn't matter if he/she had, if he/she don't know root password.