Hello Jonathan !
I was just reading my system mail and saw the following:
The following devices were added: + ++ /var/lib/secchk/data/devices.new Mon May 28 01:44:41 2001 - crw--w---- root tty 4, 1 /dev/tty1 + crw-rw---- root tty 4, 1 /dev/tty1
What exactly is that? I've never seen anything like that before. What causes that, a direct login to the console?
If I understand the logs well, the access rights of /dev/tty1 were changed from "crw--w----" to "crw-rw----". /dev/tty1 is the first console and it sounds logical to me that you need write and read access. I checked on my system (and I'm pretty sure nobody tampered with it): tty1 through tty6 have all "crw-rw---- 1 root tty" rights. Have you run hardensuse or undo_harden_suse lately ? SuSEconfig also changes permissions as listed in /etc/permissions.* depending on your security level. On my system (SuSE 7.0) there is no entry for /dev/tty? in /etc/permissions.* but maybe on your system ? HTH, Armin ------------------------------------------------------------------------ Armin Schöch at the office: Institut für Atmosphärenphysik Ziolkowskistr. 10 / 63 Schlossstraße 6 D-18059 Rostock D-18225 Kühlungsborn Tel. +49-(0)381-4005781 Tel. +49-(0)38293-68-102