Date: Wed, 14 Jul 2004 10:04:56 -0700 From: "Kyle Mott" <kyle@xraided.net> To: "'Doug White'" <dwhite@gumbysoft.com> Cc: freebsd-stable@freebsd.org Subject: RE: Rebuilding wtmp Message-ID: <000401c469c4$b0ec5000$150ba8c0@kyle> In-Reply-To: <20040713190819.H527@carver.gumbysoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Doug, thanks for the reply. I found out all I needed to do was recompile SSH from ports. It now works just fine. Thanks! -Kyle Mott > -----Original Message----- > From: Doug White [mailto:dwhite@gumbysoft.com] > Sent: Tuesday, July 13, 2004 7:10 PM > To: Kyle Mott > Cc: freebsd-stable@freebsd.org > Subject: Re: Rebuilding wtmp > > On Mon, 12 Jul 2004, Kyle Mott wrote: > > > Hi, I have several systems that report 'w' and 'who' wrong/corrupted: > > root@neo:~# w > > USER TTY FROM LOGIN@ IDLE WHAT > > kyle p0 - 31Dec69 - w > > > > Obviously, Dec 31st 1969 is not right: > > root@neo:~# date > > Mon Jul 12 11:27:15 PDT 2004 > > you might make sure your w/who binary hasn't been fiddled with. Changes > like this tend to point to a diagreement among utmp/wtmp writers about the > file format. > > I've seen this where w was trojaned to mask certain user logins. > > -- > Doug White | FreeBSD: The Power to Serve > dwhite@gumbysoft.com | www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000401c469c4$b0ec5000$150ba8c0>