Hi All, I wonder if someone has got access to my computer as in the wtmp log file I have the following 'user'. I thought at first that my logs were corrupted so I recreated wtmp on 30 Oct 2002. The 'user' is there again! X******* ****X******* X*******X******* Sun Apr 7 02:37 still logged in My Machine :- Linux Tango 2.4.4 #2 Mon Oct 7 03:36:57 CEST 2002 i586 unknown using SuSE 7.2 installation was done at the back-end of August 2002. -- Ian David Laws Linux is for Networking Mac is for Working ian@the-laws-clan.de Windows is for Solitaire
Ian Laws wrote:
Hi All,
I wonder if someone has got access to my computer as in the wtmp log file I have the following 'user'. I thought at first that my logs were corrupted so I recreated wtmp on 30 Oct 2002. The 'user' is there again!
X******* ****X******* X*******X******* Sun Apr 7 02:37 still logged in
My Machine :- Linux Tango 2.4.4 #2 Mon Oct 7 03:36:57 CEST 2002 i586 unknown using SuSE 7.2 installation was done at the back-end of August 2002.
let me guess, you're using reiserfs, right? thats a more or less known bug. Sometimes scary entrys show up in the last/wtemp logs. You can cool down :) To be sure that your box isn't compromised, run chkrootkit (www.chkrootkit.org). regards, Sven
No I do not have reiserfs, but I had chkrootkit running and it had said that wtmp was corrupted that is why I recreated wtmp. "wtmp entry may be corrupted" still appears. Ian -- Ian David Laws Linux is for Networking Mac is for Working ian@the-laws-clan.de Windows is for Solitaire
Hi All, I found in the kernel log file the following:- Tango kernel: Uhhuh. NMI received. Dazed and confused, but trying to continue Tango kernel: You probably have a hardware problem with your RAM chips I guess this may be the problem! Ian -- Ian David Laws Linux is for Networking Mac is for Working ian@the-laws-clan.de Windows is for Solitaire
participants (2)
-
Ian Laws -
Sven 'Darkman' Michels