On Wednesday 03 January 2007 10:38, Randall R Schulz wrote: <snipped an *awesome* reply for my 'kit bag'> Thanks a lot Randall, I really appreciate the feedback. I'm booted into a fresh 10.2 right now and 'who' works as expected. The problem is I can't remember how long ago it was I interrupted an actual break-in into my 10.0 system. Someone 'cracked' <roll eyes> the ISP-supplied DSL modem 'Admin' 'Password' hurdle and logged into my box via ssh. (I honestly didn't even know this existed! It was delivered as a 'modem'... the routing functions weren't discussed anywhere in the supplied literature and the default config had the built-in NAT-based firewall turned *off*!) This is when I discovered that 'who' wasn't working correctly and suspected someone was logged in, I immediately physically severed the net connection at the modem and upgraded everything to *really long* passwords plus a very complex router 'Admin' name. I also disabled remote root logins into my box and installed rkhunter. All subsequent scans have been either 'OK' or 'clean'. I never see unusual network activity at the router LEDs or in ntop or netstat, but I haven't been able to restore 'who' to it's former glory and my confidence level in the security of that installation isn't back to normal. So, thanks again for the clues, Randall. Much appreciated! Carl -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org