Date:      Tue, 27 Jan 2004 14:47:52 -0600
From:      Eric Anderson <anderson@centtech.com>
To:        Peter Rosa <prosa@pro.sk>
Cc:        security at FreeBSD <freebsd-security@freebsd.org>
Subject:   Re: Possible compromise ?
Message-ID:  <4016CE78.2020500@centtech.com>
In-Reply-To: <00c401c3e516$4f1bf7a0$3501a8c0@peter>
References:  <01a901c3e294$8ea8a500$3501a8c0@peter><1653155537.20040126121155@b-o.ru> <003001c3e4f4$dbba7910$3501a8c0@peter> <20040127165741.GA1700@sheol.localdomain> <002801c3e513$774a4040$3501a8c0@peter> <4016CAE5.6080808@centtech.com> <00c401c3e516$4f1bf7a0$3501a8c0@peter>

Peter Rosa wrote:
> As Mr. Anderson wrote, I tried last -f /var/log/lastlog and got what is in
> the attachment.
> Unreadable chaos, bad dates. Maybe lastlog does not have the exact structure
> for last, does it?
> 
> PR
> 
> 
> ------------------------------------------------------------------------
> 
> ttyp2                     067.mbne         Thu Jan  1 01:00 - 08:08 (9012+06:08)
> m@ttyv0                                  Thu Jan  1 01:00   still logged in
> 0                hö&=ttyp 160-             Thu Jan  1 01:00   still logged in
> 0                d¶Ñ?ttyv                  Thu Jan  1 01:00   still logged in
> 
> wtmp begins Thu Jan  1 01:00:00 CET 1970

lastlog needs wtmp, so you should do:

last -f /var/log/wtmp
which is the default action if you just run last with no arguments.

Eric



-- 
------------------------------------------------------------------
Eric Anderson     Sr. Systems Administrator    Centaur Technology
Today is the tomorrow you worried about yesterday.
------------------------------------------------------------------
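Added example, not part of the original message: a parser for both files, showing that reading lastlog with the wtmp record layout produces the kind of garbage quoted above (time bytes fused with a tty name, a stray "0" in the user column) without the file being damaged. The record layouts are an assumption (legacy FreeBSD 4.x/5.x `<utmp.h>` on i386 with a 32-bit `time_t`), and the sample records, user name and host name are constructed.

```python
import struct

# Assumed legacy on-disk layouts (FreeBSD 4.x/5.x <utmp.h>, i386, 32-bit time_t):
#   struct lastlog { time_t ll_time; char ll_line[8]; char ll_host[16]; }   28 bytes
#   struct utmp    { char ut_line[8]; char ut_name[16]; char ut_host[16];
#                    time_t ut_time; }                                       44 bytes
LASTLOG = struct.Struct("<i8s16s")
UTMP = struct.Struct("<8s16s16si")


def cstr(raw):
    """Decode a fixed-width, NUL-padded field (may lack a terminating NUL)."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def parse_lastlog(data):
    """lastlog is an array indexed by UID; slots with ll_time == 0 are unused."""
    out = {}
    for uid in range(len(data) // LASTLOG.size):
        t, line, host = LASTLOG.unpack_from(data, uid * LASTLOG.size)
        if t:
            out[uid] = {"time": t, "line": cstr(line), "host": cstr(host)}
    return out


def parse_wtmp(data):
    """wtmp is a sequence of utmp records; a trailing partial record is ignored."""
    out = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        line, name, host, t = UTMP.unpack_from(data, off)
        out.append({"line": cstr(line), "name": cstr(name),
                    "host": cstr(host), "time": t})
    return out


def garbled(rec):
    """True if a text field holds non-printable bytes: a sign of layout mismatch."""
    text = rec["line"] + rec.get("name", "") + rec["host"]
    return any(not 32 <= ord(c) < 127 for c in text)


# Constructed sample data (not taken from the poster's system).
T = 1075236472  # 2004-01-27 20:47:52 UTC
SAMPLE_LASTLOG = (LASTLOG.pack(T, b"ttyv0", b"") +
                  LASTLOG.pack(T + 60, b"ttyp2", b"gw.example.net"))
SAMPLE_WTMP = UTMP.pack(b"ttyp2", b"alice", b"gw.example.net", T + 60)

if __name__ == "__main__":
    print("lastlog as lastlog:", parse_lastlog(SAMPLE_LASTLOG))
    print("lastlog as wtmp   :", parse_wtmp(SAMPLE_LASTLOG))  # the `last -f lastlog` case
    print("wtmp as wtmp      :", parse_wtmp(SAMPLE_WTMP))
```

When triaging a suspected compromise, checking a record for `garbled` fields before trusting it separates "wrong file format" from "log actually altered".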


