On Wed, 2007-01-03 at 16:49 +0100, Dominique Leuenberger wrote:
Hi,
Reply on 03-01-2007 17:46:56 <<<
Hi All,
This is actually a two part question. a) Is there a 100% proof-positive way to determine if someone has previously broken into a system via ssh... before remote root logins were disabled and a weak password replaced... and b) how do I correct the apparent inability of 'who', given any parameters, to return something more informative than just a prompt?
To be sure that 'who' is the program you expect, I would first try to rpm -q --verify coreutils (this will give some output in case some files out of coreutils, to which 'who' belongs, were modified).
In case I would STILL be in doubt (so the above command did not give any output), you can always post the md5sum of your who binary and have it compared by somebody else.
554dd55cc223db9293f056da85ca1891 /usr/bin/who is from my 10.0 32bit system

--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
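
Reading the output of the rpm verify check suggested in this thread, as an added example that is not part of the original messages: the function below picks out the lines that matter when checking binaries such as 'who'. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the output of `rpm -V <package>` (rpm's verify mode).
# Each line is a flag string (S=size, M=mode, 5=digest, T=mtime, ...), an
# optional file-type marker (c = config file) and the path. A file that is
# gone is reported as "missing <path>".

# Reads rpm -V output on stdin and prints, for every non-config file:
#   DIGEST <path>   content no longer matches the package database
#   MODE <path>     permissions or file type changed
#   MISSING <path>  file is absent
# Assumption: paths contain no whitespace.
triage_rpm_verify() {
    awk '
        NF < 2 { next }
        {
            path = $NF
            attr = (NF >= 3) ? $2 : ""
            if (attr == "c") next          # edited config files are expected
            if ($1 == "missing") { print "MISSING " path; next }
            if (substr($1, 3, 1) == "5") print "DIGEST " path
            if (substr($1, 2, 1) == "M") print "MODE " path
        }
    '
}

# Constructed sample output (not taken from a real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/DIR_COLORS
.......T.    /usr/bin/ls
S.5....T.    /usr/bin/who
.M.......    /usr/bin/id
missing      /usr/bin/users
EOF
}

# Stand-alone run: show the findings for the sample.
sample_verify_output | triage_rpm_verify
```

On a live system the input would come from `rpm -V coreutils | triage_rpm_verify`. The result is only as trustworthy as the local rpm binary and package database, both of which an intruder with root access could have altered, so a clean result from the suspect system itself does not prove the files are untouched.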