Date: Tue, 13 Jul 2004 19:09:34 -0700 (PDT) From: Doug White <dwhite@gumbysoft.com> To: Kyle Mott <kyle@xraided.net> Cc: freebsd-stable@freebsd.org Subject: Re: Rebuilding wtmp Message-ID: <20040713190819.H527@carver.gumbysoft.com> In-Reply-To: <000501c4683e$88da1070$150ba8c0@kyle> References: <000501c4683e$88da1070$150ba8c0@kyle>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 12 Jul 2004, Kyle Mott wrote: > Hi, I have several systems that report 'w' and 'who' wrong/corrupted: > root@neo:~# w > USER TTY FROM LOGIN@ IDLE WHAT > kyle p0 - 31Dec69 - w > > Obviously, Dec 31st 1969 is not right: > root@neo:~# date > Mon Jul 12 11:27:15 PDT 2004 you might make sure your w/who binary hasn't been fiddled with. Changes like this tend to point to a diagreement among utmp/wtmp writers about the file format. I've seen this where w was trojaned to mask certain user logins. -- Doug White | FreeBSD: The Power to Serve dwhite@gumbysoft.com | www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040713190819.H527>