Date: Tue, 27 Jan 2004 15:09:11 -0600 From: Eric Anderson <anderson@centtech.com> To: Nicolas Rachinsky <list@rachinsky.de> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: Possible compromise ? Message-ID: <4016D377.6090208@centtech.com> In-Reply-To: <20040127210015.GA12328@pc5.i.0x5.de> References: <003001c3e4f4$dbba7910$3501a8c0@peter> <20040127165741.GA1700@sheol.localdomain> <002801c3e513$774a4040$3501a8c0@peter> <4016CAE5.6080808@centtech.com> <00c401c3e516$4f1bf7a0$3501a8c0@peter> <20040127210015.GA12328@pc5.i.0x5.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Nicolas Rachinsky wrote:
> * Peter Rosa <prosa@pro.sk> [2004-01-27 21:44 +0100]:
>
>>As Mr. Anderson wrote, I tried last -f /var/log/lastlog and get, what is in
>>attachment.
>>Unreadable chaos, bad dates. May be, lastlog has not exact structure for
>>last, isn't it ?
>
>
> The program to show /var/log/lastlog is lastlogin.
Actually, last reads it also, the lastlogin tool is a "subtool" I think:
From lastlogin(8):
"The lastlogin utility differs from last(1) in that it only prints
infor-mation regarding the very last login session. The last login
database is never turned over or deleted in standard usage."
Eric
--
------------------------------------------------------------------
Eric Anderson Sr. Systems Administrator Centaur Technology
Today is the tomorrow you worried about yesterday.
------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4016D377.6090208>