Hi,
Reply on 03-01-2007 17:46:56 <<<
Hi All,
This is actually a two part question. a) Is there a 100% proof-positive way to determine if someone has previously broken into a system via ssh... before remote root logins were disabled and a weak password replaced... and b) how do I correct the apparent inability of 'who', given any parameters, to return something more informative than just a prompt?
to be sure that 'who' is the program you expect, I would first try to rpm -q --verify coreutils (this will give some output in case some files out of coreutils, to which 'who' belongs, were modified. In case I would STILL be in doubt (so the above command did not give any output), you can always post the md5sum of your who binary and let it compare by somebody else. Don't forget to mention exactly what version of SuSE (version, arch) and update state (in case coreutils got updated once for your version of suse) Regards, Dominique -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org