[4568] in bugtraq


ANNOUNCE: chkwtmp, a wtmp intrusion detection analyzer (Linux)

daemon@ATHENA.MIT.EDU (Silvio Cesare)
Sun May 25 15:45:49 1997

Date: 	Sun, 25 May 1997 23:18:00 +1000
Reply-To: silvio@ROCKNET.NET.AU
From: Silvio Cesare <silvio@ROCKNET.NET.AU>
To: BUGTRAQ@NETSPACE.ORG

chkwtmp:        A wtmp intrusion detection analyzer

By:             Silvio Cesare, 6th May, 1997

chkwtmp is an intrusion detection analyzer for the wtmp logfile on systems
running the Linux OS.


SYNOPSIS

Usage: chkwtmp [options]
        -w wtmp         wtmp filename
        -t              Print unformatted timestamps

DESCRIPTION

chkwtmp is able to log most of the typical zap wtmp utilities (everything
I've seen).  The typical zap program relies on using only the current
session logs and does no further processing after session completion, even
though init logs logout entries to wtmp.
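The detection principle described above, as an added example (not chkwtmp's own code, and not the layout the original tool used): a zap utility that removes only the login record leaves behind the logout (DEAD_PROCESS) record that init writes later, so a logout with no preceding login on the same tty is the tell. The record layout assumed here is glibc's 384-byte struct utmp on x86_64, and the wtmp bytes are constructed inline.

```python
import struct
import time

# Assumed layout: glibc struct utmp on x86_64 (384 bytes), little-endian.
# Fields: ut_type, ut_pid, ut_line, ut_id, ut_user, ut_host, exit status (2 shorts),
# ut_session, ut_tv (sec, usec), ut_addr_v6 (4 ints), padding.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8

def make_record(ut_type, pid, line, user, ts, host=b""):
    """Build one wtmp record (constructed test data, not from a real system)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, ts, 0, 0, 0, 0, 0)

def find_orphan_logouts(data):
    """Return (timestamp, line, pid) for every DEAD_PROCESS entry that has no
    matching USER_PROCESS login on the same tty since the last boot record.
    A zap that deletes only the login entry leaves exactly this orphan."""
    active = set()
    orphans = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        ut_type, pid, line, _id, _user, _host, _t, _e, _s, ts, *_rest = UTMP.unpack_from(data, off)
        line = line.rstrip(b"\0").decode(errors="replace")
        if ut_type == BOOT_TIME:
            active.clear()                # reboot: every tty is implicitly logged out
        elif ut_type == USER_PROCESS:
            active.add(line)
        elif ut_type == DEAD_PROCESS:
            if line in active:
                active.discard(line)      # normal login/logout pair
            else:
                orphans.append((ts, line, pid))
    return orphans

def sample_wtmp():
    """Constructed wtmp: a clean session on tty1, then a tty2 session whose
    login record has been removed, leaving only the logout init wrote."""
    t0 = 864550000
    return b"".join([
        make_record(BOOT_TIME, 0, b"~", b"reboot", t0),
        make_record(USER_PROCESS, 101, b"tty1", b"alice", t0 + 60),
        make_record(DEAD_PROCESS, 101, b"tty1", b"", t0 + 600),
        # the USER_PROCESS record for tty2 is deliberately absent here
        make_record(DEAD_PROCESS, 202, b"tty2", b"", t0 + 900),
    ])

if __name__ == "__main__":
    for ts, line, pid in find_orphan_logouts(sample_wtmp()):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(ts))
        print(f"{stamp} {line} pid={pid}: logout without matching login")
```

On a real system the same function can be run over the bytes of /var/log/wtmp, provided the struct layout matches the host's libc.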


Silvio Cesare, <silvio@rocknet.net.au>
ftp://ftp.rocknet.net.au/pub/silvio/
