[NTLUG:Discuss] ssh login
MadHat
madhat at unspecific.com
Wed Aug 7 03:44:18 CDT 2002
On Wed, 2002-08-07 at 13:35, Steve Baker wrote:
> But if you absolutely have to fix it, I'd wipe out the utmp/wtmp files on
> reboot. That'll ensure that they are not going to show any bogus
> information from before the reboot - and the only loss will be that users
> won't be told when they last logged in or logged out if the machine had
> to be rebooted in the meantime.
I would consider that a security risk in itself. I often use the last
(or the banner message at login that says "last logged in from ...") to
see if someone else is using my account. I know it is not 100% since
root kits wipe the entries from the utmp and wtmp, but if it comes back
with a empty response that raises flags too. It is better to figure out
why the daemon is dieing and not allowing someone to log out properly.
Don't try and fix the symptom, go for the real issue.
--
MadHat at Unspecific.com
"Anyone who understands Linux/Unix, really understands the universe.
Anyone who understands Windows, really understands Windows."
- Richard Thieme, DefCon 10, 2002
More information about the Discuss
mailing list