[suse-security] wrong entries in btmp - hacked?
Hi List! Is there a known bug in any program that leaves following entries between the correct ones in the btmp-file (viewed with last): H******* ****H******* H*******H******* Sun Apr 7 02:20 - down (10408+15:09 H******* ****H******* H*******H**** Thu Jan 1 01:00 - down (11948+19:50 *7 ****H******* Thu Jan 1 01:00 - down (11946+16:48 ...or am I hacked??? I'm running SuSE 8.0 Prof with all relevant security patches installed. Thank you for answers! Fritz
Fritz Berger wrote:
Hi List!
Is there a known bug in any program that leaves following entries between the correct ones in the btmp-file (viewed with last): H******* ****H******* H*******H******* Sun Apr 7 02:20 - down (10408+15:09
H******* ****H******* H*******H**** Thu Jan 1 01:00 - down (11948+19:50
*7 ****H******* Thu Jan 1 01:00 - down (11946+16:48
...or am I hacked???
I'm running SuSE 8.0 Prof with all relevant security patches installed.
did you use reiserFS on that maschine? if yes, you're not hacked ;) ReiserFS sometimes 'corrupt' the "last files". If not, a hard disc failure can be the reason, but check your box e.g. with chkrootkit. HTH and have a nice sunday :)
participants (2)
-
Fritz Berger -
Sven 'Darkman' Michels