On Sun, 27 Feb 2000, Vidiot wrote:

> >In any case, try running the command like this:
> >top 2>errors.out
> >
> >Then, stop the process by doing a Ctrl+C for instance, and take a look at
> >the contents of the errors.out file which should then contain a printout
> >of the errors the system ran into.  I use this trick pretty much every
> >time I run into a problem, and so far it has proven to be extremely
> >helpful.  
> 
> In this case it doesn't do any good to do a ^C, as the program stops on
> its own, and also, since there are errors, they would appear on the screen.
> But, just for the hell of it, I did an output into a file.  When I cat'd
> the file, the same thing happened, i.e., the screen was cleared.  But, the
> file was 38 bytes long.  Editing the file produces:
> 
>       bad data in /var/run/utmp^[[H^[[J^[[H^[[1m
> 
> The stupid program clears the screen so the error can't be seen.  A result
> of clearing the screen when it normally finishes.
> 
> I wonder when my utmp file got corrupted.  :-(
> 

A view of the utmp man page shows the following interesting comment: "Note
that the utmp struct from libc5 has changed in libc6. Because of this,
binaries using the old libc5 struct will corrupt /var/run/utmp and/or
/var/log/wtmp. Debian systems include a patched libc5 which uses the new
utmp format. The problem still exists with wtmp since it's
accessed directly in libc5."

I don't know if this helps you at all, but I suppose at least we're learning
quite a bit about the way who, utmp and wtmp work in Linux.  :-)

I guess I'd try something like "cat /dev/null>/var/run/utmp" trying to
recreate the file and see if it makes any difference, although something
tells me that wouldn't work, at least in the long run.  In any case, the
whole thing sounds way too suspicious to me.  I would hate to cause any
unnecessary alarm, but perhaps it would be wise to consider that the
system may have been compromised.  Did you take a look at all the log
files to make sure everything is right?  How about the bash history?  A
possible cracker may have installed a root kit that is causing all these
problems.  Just a suggestion.  



> >Again, please correct me if I'm wrong, since I'm here to help when I can
> >and learn from the gurus.  ;-)
> >Nitebirdz
> 
> MB
> -- 
> e-mail: [EMAIL PROTECTED]
>     Bart: Hey, why is it destroying other toys?  Lisa: They must have
>     programmed it to eliminate the competition.  Bart: You mean like
>     Microsoft?  Lisa: Exactly.  [The Simpsons - 12/18/99]
> Visit - URL:http://www.vidiot.com/  (Your link to Star Trek and UPN)
> 

---------
Nitebirdz
---------
It's not too late to turn back from the "Gates" of Hell... 
Linux: the free 32-bit operating system, available NOW. 
Why waaaaaait for NT? (Brandon S. Allbery)
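
An added example, not part of the original message: a small checker that walks a utmp or wtmp file record by record and reports the kind of damage the man page comment describes (records of the wrong size or with garbage fields). It assumes the 384-byte glibc (libc6) `struct utmp` layout on little-endian Linux; the function names and the sample records are constructed for illustration.

```python
import struct
import sys

# Assumed layout: glibc (libc6) struct utmp, little-endian Linux, 384 bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 3: "NEW_TIME", 4: "OLD_TIME",
         5: "INIT_PROCESS", 6: "LOGIN_PROCESS", 7: "USER_PROCESS",
         8: "DEAD_PROCESS", 9: "ACCOUNTING"}

def _text(raw):
    """Return the NUL-terminated field as str, or None if not printable ASCII."""
    s = raw.split(b"\0", 1)[0]
    return s.decode("ascii") if all(0x20 <= b < 0x7F for b in s) else None

def check_utmp(data):
    """Return a list of (record_index, problem) for a utmp/wtmp image."""
    problems = []
    whole, rest = divmod(len(data), UTMP.size)
    if rest:  # a writer using a different struct size leaves a partial record
        problems.append((whole, f"{rest} trailing bytes, not a multiple of {UTMP.size}"))
    for i in range(whole):
        ut_type, pid, line, _id, user, host = UTMP.unpack_from(data, i * UTMP.size)[:6]
        if ut_type not in TYPES:
            problems.append((i, f"invalid ut_type {ut_type}"))
            continue
        for name, raw in (("ut_line", line), ("ut_user", user), ("ut_host", host)):
            if _text(raw) is None:
                problems.append((i, f"non-printable bytes in {name}"))
        if ut_type == 7 and (pid <= 0 or not _text(user) or not _text(line)):
            problems.append((i, "USER_PROCESS without pid, user or line"))
    return problems

def make_record(ut_type, pid, line, user, host=b"", tv_sec=951609600):
    """Build one constructed record (used only for the sample below)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host,
                     0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")

if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. a copy of /var/run/utmp
        with open(sys.argv[1], "rb") as fh:
            print(check_utmp(fh.read()) or "no structural problems found")
    else:
        # Constructed sample: two sane records, then 100 stray bytes.
        good = make_record(2, 0, b"~", b"reboot") + make_record(7, 412, b"tty1", b"mb")
        print("clean:  ", check_utmp(good))
        print("damaged:", check_utmp(good + b"\x07\x00" * 50))
```

Run it against a copy of the file rather than the live one, so the check itself does not race with processes that are logging in or out.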

