My wtmp file seems to have some rather strange entries...
xxxxxx pts/3 xxx.xxx.xxx.xxx Wed Mar 21 14:17 still logged in
date { Wed Mar 21 02:00 still logged in
date | Wed Mar 21 02:00 still logged in
xxxx pts/1 xxx.xxx.xxx.xxx Wed Mar 21 01:23 still logged in
xxxx pts/3 xxx.xxx.xxx.xxx Wed Mar 21 00:09 - 01:23 (01:13)
xxx ftpd23719 xxx.xxx.xxx.xxx Tue Mar 20 23:25 - 23:35 (00:10)
xxx ftpd23714 xxx.xxx.xxx.xxx Tue Mar 20 23:25 - 23:35 (00:10)
xxx ftpd23702 xxx.xxx.xxx.xxx Tue Mar 20 23:24 - 23:25 (00:01)
xxxxxx pts/3 xxx.xxx.xxx.xxx Tue Mar 20 20:00 - 20:17 (00:17)
xxxxxx pts/3 xxx.xxx.xxx.xxx Tue Mar 20 19:01 - 19:09 (00:07)
I've replaced the legit usernames and IP's with "xxx" but left them in
for context. I'm worried that the "date" entries are a consequence of
some hacker activity, but I have been unable to find any other
symptoms. I did a web search and did not find any mention of this
sort of thing. I'm using the stable distribution of Debian, with a
2.2.17 kernel.
--Bill.
--
William R Ward [EMAIL PROTECTED] http://www.bayview.com/~hermit/
-----------------------------------------------------------------------------
"Those are my principles. If you don't like them I have others."-Groucho Marx
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]