Mailinglist Archive: opensuse (3531 mails)

Re: [opensuse] errant 'who' behavior
  • From: Carl Hartung <suselinux@xxxxxxxxxxxxx>
  • Date: Wed, 3 Jan 2007 11:51:45 -0500
  • Message-id: <200701031151.45917.suselinux@xxxxxxxxxxxxx>
On Wednesday 03 January 2007 10:38, Randall R Schulz wrote:
<snipped an *awesome* reply for my 'kit bag'>

Thanks a lot Randall, I really appreciate the feedback.

I'm booted into a fresh 10.2 right now and 'who' works as expected.

The problem is I can't remember how long ago it was I interrupted an actual
break-in into my 10.0 system. Someone 'cracked' <roll eyes> the ISP-supplied
DSL modem 'Admin' 'Password' hurdle and logged into my box via ssh. (I
honestly didn't even know this existed! It was delivered as a 'modem'... the
routing functions weren't discussed anywhere in the supplied literature and
the default config had the built-in NAT-based firewall turned *off*!)

This is when I discovered that 'who' wasn't working correctly and suspected
someone was logged in. I immediately physically severed the net connection at
the modem and upgraded everything to *really long* passwords plus a very
complex router 'Admin' name.

I also disabled remote root logins into my box and installed rkhunter. All
subsequent scans have been either 'OK' or 'clean'.

I never see unusual network activity at the router LEDs or in ntop or netstat,
but I haven't been able to restore 'who' to its former glory and my
confidence level in the security of that installation isn't back to normal.

So, thanks again for the clues, Randall. Much appreciated!

Carl