Mailinglist Archive: opensuse (3531 mails)

< Previous Next >
Re: [opensuse] errant 'who' behavior
  • From: "Dominique Leuenberger" <Dominique.Leuenberger@xxxxxxxxxxxxx>
  • Date: Wed, 03 Jan 2007 16:49:15 +0100
  • Message-id: <459BEC9B0200002900000280@xxxxxxxxxxxxx>
Hi,

>>> Reply on 03-01-2007 17:46:56 <<<

> Hi All,
>
> This is actually a two part question. a) Is there a 100%
proof-positive
> way to
> determine if someone has previously broken into a system via ssh...
> before
> remote root logins were disabled and a weak password replaced... and
b)
> how
> do I correct the apparent inability of 'who', given any parameters,
to
> return
> something more informative than just a prompt?

to be sure that 'who' is the program you expect, I would first try to
rpm -q --verify coreutils
(this will give some output in case some files out of coreutils, to
which 'who' belongs, were modified.

In case I would STILL be in doubt (so the above command did not give
any output), you can always post the md5sum of your who binary and let
it compare by somebody else. Don't forget to mention exactly what
version of SuSE (version, arch) and update state (in case coreutils got
updated once for your version of suse)

Regards,
Dominique
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >