From owner-freebsd-security Sat Jul 7 15:20:22 2001 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 1584837B403 for ; Sat, 7 Jul 2001 15:20:20 -0700 (PDT) (envelope-from str@giganda.komkon.org) Received: (from str@localhost) by giganda.komkon.org (8.11.3/8.11.3) id f67MKJ613641 for security@freebsd.org; Sat, 7 Jul 2001 18:20:19 -0400 (EDT) (envelope-from str) Date: Sat, 7 Jul 2001 18:20:19 -0400 (EDT) From: Igor Roshchin Message-Id: <200107072220.f67MKJ613641@giganda.komkon.org> To: security@freebsd.org Subject: wtmp corrupted - ? Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello! I've just found that my wtmp file is corrupted. (See the output of last(1) below). Is this a bug or is it a sign of somebody trying to clear his trace ? (This is on 4.3-RELEASE). Are there any tools around which allow to easily read a corrupted wtmp ? thanks, Igor 50.85 200.191. 3408 Wed Dec 31 19:00 still logged in 50.85 200.191. 3378 Wed Dec 31 19:00 still logged in 5.134 63.29.16 3378ftp Wed Dec 31 19:00 still logged in .112 38.16.82 3359str Wed Dec 31 19:00 still logged in 56.169 212.57.1 3313 Wed Dec 31 19:00 still logged in 56.169 212.57.1 3313ftp Wed Dec 31 19:00 still logged in 176.69 211.133. 3058 Wed Dec 31 19:00 still logged in 8.215 213.44.5 3058ftp Wed Dec 31 19:00 still logged in 7.228 202.225. 3042 Wed Dec 31 19:00 still logged in 8.215 213.44.5 3042ftp Wed Dec 31 19:00 still logged in 8.215 213.44.5 3005 Wed Dec 31 19:00 still logged in 98.203 217.80.1 2976 Wed Dec 31 19:00 still logged in 8.215 213.44.5 2974 Wed Dec 31 19:00 still logged in 98.203 217.80.1 2976ftp Wed Dec 31 19:00 still logged in 148.201 200.236. 2974ftp Wed Dec 31 19:00 still logged in To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message