Mailinglist Archive: opensuse (3531 mails)

Re: [opensuse] errant 'who' behavior
  • From: Kenneth Schneider <suse-list3@xxxxxxxxxxxxx>
  • Date: Wed, 03 Jan 2007 13:17:31 -0500
  • Message-id: <1167848251.29079.29.camel@xxxxxxxxxxxxxxxxx>
On Wed, 2007-01-03 at 16:49 +0100, Dominique Leuenberger wrote:
> Hi,
>
> >>> Reply on 03-01-2007 17:46:56 <<<
>
> > Hi All,
> >
> > This is actually a two part question. a) Is there a 100%
> > proof-positive way to determine if someone has previously broken
> > into a system via ssh... before remote root logins were disabled
> > and a weak password replaced... and b) how do I correct the
> > apparent inability of 'who', given any parameters, to return
> > something more informative than just a prompt?
>
> To be sure that 'who' is the program you expect, I would first try
> rpm -q --verify coreutils
> (this will give some output in case some files out of coreutils, to
> which 'who' belongs, were modified).
>
> In case I would STILL be in doubt (so the above command did not give
> any output), you can always post the md5sum of your who binary and let
> somebody else compare it.

554dd55cc223db9293f056da85ca1891 /usr/bin/who

is from my 10.0 32bit system

--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
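
One way to read the output of the `rpm -q --verify coreutils` check suggested in the quoted reply, as an added example that is not part of the original thread. The function names and the sample lines are constructed for illustration; only the flag layout follows rpm's verify output.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `rpm -V` / `rpm -q --verify`:
# a flag string (S=size, M=mode, 5=digest, T=mtime, ...), an optional
# attribute marker ("c" = config file), then the path.
sample_verify_output() {
cat <<'EOF'
S.5....T.  c /etc/DIR_COLORS
.......T.    /usr/bin/uptime
S.5....T.    /usr/bin/who
missing     /usr/bin/users
EOF
}

# Read verify output on stdin and print "REASON PATH" for every
# non-config file that is missing or whose content digest differs
# from the one recorded in the rpm database.
suspect_files() {
  awk '
    {
      if (!index($0, "/")) next              # no path on this line
      flags = $1
      path  = substr($0, index($0, "/"))     # keeps paths containing spaces
      attr  = (NF >= 3 && length($2) == 1) ? $2 : ""
      if (attr == "c") next                  # config files are expected to change
      if (flags == "missing")      print "missing", path
      else if (index(flags, "5"))  print "digest", path
    }'
}

# Real use (assumes rpm is installed):
#   rpm -q --verify coreutils | suspect_files
sample_verify_output | suspect_files
```

A changed mtime alone (`T`) is not reported, since only the `5` flag says the file content differs. The result is only as trustworthy as the local rpm binary and its database, which is why the thread also compares the md5sum with one taken on another system.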
