Re: ANNOUNCE: chkwtmp, a wtmp intrusion detection analyzer (Linu
daemon@ATHENA.MIT.EDU (Byron COLLIE)
Mon May 26 03:32:15 1997
Date: Mon, 26 May 1997 08:07:53 +11:0
Reply-To: ccbyron@cc.uq.edu.au
From: Byron COLLIE <ccbyron@CC.UQ.EDU.AU>
X-To: silvio@ROCKNET.NET.AU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199705251318.XAA22860@ns.rocknet.net.au>
Hi
You should maybe check the net for these types of utilities first....
Cheers
Byron
chkwtmp - check wtmp-file for overwritten information
Copyright (c) DFN-CERT, Univ. of Hamburg 1994
Univ. Hamburg, Dept. of Computer Science
DFN-CERT
Vogt-Koelln-Strasse 30
22527 Hamburg
Germany
This program is free software; you can distribute it and/or modify
it as long as you retain the DFN-CERT copyright statement.
It can be obtained via anonymous FTP from
ftp://ftp.cert.dfn.de/pub/tools/admin/chkwtmp/chkwtmp.tar.Z
This program is distributed WITHOUT ANY WARRANTY; without the
IMPLIED WARRANTY of merchantability or fitness for a particular
purpose.
This package contains:
README
MANIFEST
chkwtmp.1
chkwtmp.c
chkwtmp.txt
To create chkwtmp under SunOS 4.x, type:
% cc -o chkwtmp chkwtmp.c
To run chkwtmp you need read permission on the file /var/adm/wtmp.
Normally this file is world-readable and no special privileges are
required to run the checker.
The following is an example of the output of chkwtmp.
Running chkwtmp on a machine with deleted wtmp-entries, under
csh(1):
% chkwtmp
1 deletion(s) between Thu Sep 29 08:23:57 1994 and Thu Sep 29 14:11:58 1994
%
Running chkwtmp on a machine with no deleted wtmp-entries, under
csh(1):
% chkwtmp
%
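As an added illustration of what a wtmp checker like chkwtmp looks for (example code written for this page, not DFN-CERT's chkwtmp.c): it walks the file record by record, treats an all-zero record as an overwritten entry, and reports each run between the timestamps of the surrounding intact records, in the style of the output above. It assumes the glibc utmp layout of 64-bit Linux rather than the SunOS 4.x one, and that wiped entries are zero-filled; the sample image, user names and timestamps are constructed.

```python
import struct
import time

# glibc struct utmp layout on 64-bit Linux: 384 bytes per entry. This layout is an
# assumption of this example; the SunOS 4.x wtmp that chkwtmp targets is shorter.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20s"
UTMP_SIZE = struct.calcsize(UTMP_FMT)
USER_PROCESS = 7   # ut_type of a normal login session
TV_SEC_INDEX = 9   # position of ut_tv.tv_sec in the unpacked tuple

def records(data):
    """Split a wtmp image into fixed-size records; a trailing partial record is dropped."""
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        yield data[off:off + UTMP_SIZE]

def find_deletions(data):
    """Return [(count, before_ts, after_ts)] for each run of zero-filled records.
    Assumes a wiped entry was blanked to all zero bytes; the timestamps are tv_sec
    of the nearest intact records on either side (None at a file boundary)."""
    gaps, run, last_ts = [], 0, None
    for rec in records(data):
        if not any(rec):                 # every byte zero: overwritten entry
            run += 1
            continue
        tv_sec = struct.unpack(UTMP_FMT, rec)[TV_SEC_INDEX]
        if run:
            gaps.append((run, last_ts, tv_sec))
            run = 0
        last_ts = tv_sec
    if run:                              # wiped entries at the end of the file
        gaps.append((run, last_ts, None))
    return gaps

def report(gaps):
    """Render gaps in the style of chkwtmp's own output line (times shown in UTC)."""
    stamp = lambda t: "file boundary" if t is None else time.strftime("%c", time.gmtime(t))
    return [f"{n} deletion(s) between {stamp(a)} and {stamp(b)}" for n, a, b in gaps]

def make_record(user, tv_sec, line="pts/0", host="localhost"):
    """Build one constructed USER_PROCESS record for the sample image below."""
    return struct.pack(UTMP_FMT, USER_PROCESS, 4242, line.encode(), b"ts/0",
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, 0,
                       0, 0, 0, 0, b"")

# Constructed sample: two intact logins with one wiped record between them.
SAMPLE_WTMP = make_record("alice", 780000000) + bytes(UTMP_SIZE) + make_record("bob", 780020000)
print("\n".join(report(find_deletions(SAMPLE_WTMP))))
```

A real run would read /var/adm/wtmp (or /var/log/wtmp on Linux) into `data`; a run that touches the start or end of the file is still reported, with "file boundary" standing in for the missing neighbour.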