[15274] in Hotline Meeting
e51-007-3
daemon@ATHENA.MIT.EDU (Matt Braun)
Wed Apr 21 20:07:51 1993
To: hotline@Athena.MIT.EDU, hacked-ws@Athena.MIT.EDU
Date: Wed, 21 Apr 93 20:07:35 EDT
From: Matt Braun <mhbraun@Athena.MIT.EDU>
A user in OLC complained about some problems on the machine and I found
ls -l /etc/utmp
lrwxrwxr-x 1 root 9 Apr 7 00:48 /etc/utmp -> /dev/null
e51-007-3# last root
root ttyp2 TAILGUNNER.MIT.E Wed Apr 21 20:00 still logged in
root ttyqf :0.0 Sat Apr 17 11:37 - 13:28 (01:50)
root ttyqf :0.0 Sat Apr 10 10:32 - 11:28 (00:55)
root ttyqf :0.0 Thu Apr 8 21:09 - 21:15 (00:05)
root ttyqf :0.0 Mon Apr 5 20:55 - 21:30 (00:34)
e51-007-3# tail /usr/adm/sulog
SU: rptaurie /dev/ttyp1 Wed Sep 9 13:44:51 1992
BADSU: neslihan /dev/ttyp0 Fri Nov 13 16:44:49 1992
SU: wchuang /dev/ttyp0 Mon Mar 8 00:21:44 1993
SU: montreal /dev/ttyp1 Wed Apr 7 00:48:36 1993
SU: (null) /dev/ttyp0 Fri Apr 9 12:31:07 1993
SU: (null) /dev/ttyp0 Wed Apr 21 19:47:49 1993
SU: (null) /dev/ttyp2 Wed Apr 21 19:52:31 1993
SU: (null) /dev/ttyp1 Wed Apr 21 19:55:21 1993
It looks like user montreal was the colprit.
Matt
