[NTLUG:Discuss] suspicious output from "last -d" command
brian at pongonova.net
Wed Oct 31 13:15:36 CDT 2007

Ed, have you checked /var/log/secure? /var/log/messages? Personally,
I wouldn't just write this off as an uninitialized field without
assuring myself that there hasn't been outside access. I've run many
different Linux flavors and systems over the years, and have *never*
seen a corrupt last log. (Not saying it can't happen, just saying
I've never seen one.)

If this were my machine, and I was unable to duplicate bogus entries
in the last log, I would assume the worst and assume the machine has
been compromised.

--Brian

On Wed, Oct 31, 2007 at 11:48:48AM -0500, Ed Leach wrote:
> Thanks for the replies to this thread.
>
> I took Eric's advice (last -a -d) and got the output below. (User and
> date columns deleted for readability. The user was always my user name.)
>
> This does look scary to me!