[17617] in Athena Bugs
linux 8.3.28: wtmp
daemon@ATHENA.MIT.EDU (Travis C Furrer)
Sat Mar 4 13:35:46 2000
Message-Id: <200003041835.NAA05576@w20-575-35.mit.edu>
To: bugs@MIT.EDU
Date: Sat, 04 Mar 2000 13:35:40 -0500
From: Travis C Furrer <furrer@MIT.EDU>
System name: w20-575-35.mit.edu
Type and version: i686 8.3.28
Display type:
Shell: /bin/athena/tcsh
Window manager: none
What were you trying to do?
Use the 'who' command to verify that another user is not
logged on to this public Athena workstation.
What's wrong:
It turns out that wtmp is out of sync or something, because
I get:
% who
furrer pts/0 Mar 4 13:20
furrer pts/1 Mar 4 13:26
huia pts/2 Mar 3 15:26
furrer ttyp0 Mar 4 13:20
However, according to 'top' there are NO processes owned by
huia currently running.
Also, note the following:
% locate huia
/var/athena/sessions/huia
% finger
Local:
Login Name TTY Idle When Office
furrer Travis C Furrer p0 3 Sat 13:20 38-107 x8-8075
furrer Travis C Furrer p1 Sat 13:26 38-107 x8-8075
huia ???
furrer Travis C Furrer p0 10 Sat 13:20 38-107 x8-8075
% finger @w20-575-35
[w20-575-35.MIT.EDU]
Login Name Tty Idle Login Time Office Office Phone
furrer Travis C Furrer /0 3 Mar 4 13:20 38-107
furrer Travis C Furrer /1 Mar 4 13:26 38-107
furrer Travis C Furrer p0 10 Mar 4 13:20 (:0.0)
% last
furrer pts/1 Sat Mar 4 13:26 still logged in
furrer pts/0 Sat Mar 4 13:20 still logged in
furrer ttyp0 :0.0 Sat Mar 4 13:20 still logged in
bbaroli pts/0 Sat Mar 4 10:04 - 10:30 (00:25)
bbaroli ttyp0 :0.0 Sat Mar 4 10:04 - 13:20 (03:15)
asok pts/1 Sat Mar 4 03:56 - 03:57 (00:00)
asok pts/1 Fri Mar 3 22:29 - 03:47 (05:17)
.
.
.
ramonv pts/0 Fri Mar 3 17:54 - 18:07 (00:12)
ramonv ttyp1 :0.0 Fri Mar 3 17:54 - 18:07 (00:12)
jenson pts/0 Fri Mar 3 16:59 - 17:34 (00:34)
jenson ttyp0 :0.0 Fri Mar 3 16:59 - 17:34 (00:34)
yobofunk pts/0 Fri Mar 3 15:58 - 16:03 (00:05)
yobofunk ttyp1 :0.0 Fri Mar 3 15:58 - 16:03 (00:05)
huia pts/2 Fri Mar 3 15:26 still logged in
huia pts/1 Fri Mar 3 15:26 - 18:02 (02:35)
huia pts/0 Fri Mar 3 15:26 - 15:58 (00:31)
huia ttyp0 :0.0 Fri Mar 3 15:26 - 15:30 (00:03)
erkmen pts/0 Fri Mar 3 14:48 - 14:59 (00:10)
erkmen ttyp0 :0.0 Fri Mar 3 14:48 - 14:59 (00:10)
libway pts/0 Fri Mar 3 14:14 - 14:48 (00:34)
libway ttyp0 :0.0 Fri Mar 3 14:14 - 14:37 (00:23)
.
.
.
What should have happened:
The who command should not show any other users.
When it does, I tend to think the machine has been hacked...
Please describe any relevant documentation references:
N/A
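
The mismatch reported above (a 'who' line for huia on pts/2 while no process belongs to that user) can be checked mechanically: who(1) reads the utmp file, and each login record there carries the PID of the session process, so a login record whose PID no longer exists has no session behind it. The following is an added example, not part of the original report or of any Athena code; it assumes the 384-byte glibc struct utmp layout, and the sample records and PIDs are constructed.

```python
import os
import struct

# glibc "struct utmp" on Linux, 384 bytes per record (assumed layout).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8   # ut_type values from <utmp.h>

def pid_alive(pid):
    """True if the PID exists; signal 0 only probes, nothing is delivered."""
    if pid <= 0:
        return False
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True                 # exists, owned by someone else
    return True

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def logins(data):
    """Yield (user, line, pid) for every record utmp marks as logged in."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        if rec[0] == USER_PROCESS:
            yield _text(rec[4]), _text(rec[2]), rec[1]

def stale_sessions(data, alive=pid_alive):
    """Logins that 'who' would print although their session process is gone."""
    return [entry for entry in logins(data) if not alive(entry[2])]

def record(ut_type, pid, line, user):
    """Pack one constructed record (id, host, times and address left zero)."""
    return UTMP.pack(ut_type, pid, line, b"", user, b"",
                     0, 0, 0, 0, 0, 0, 0, 0, 0, b"")

# Constructed sample modelled on the report; the PIDs are invented.
SAMPLE = (record(USER_PROCESS, 4242, b"pts/0", b"furrer")
          + record(USER_PROCESS, 3131, b"pts/2", b"huia")
          + record(DEAD_PROCESS, 2999, b"pts/1", b"huia"))

if __name__ == "__main__":
    path = "/var/run/utmp"
    data = open(path, "rb").read() if os.path.exists(path) else SAMPLE
    for user, line, pid in stale_sessions(data):
        print(f"stale utmp entry: {user} on {line} (pid {pid} not running)")
```

An entry flagged here is a leftover record from a session that ended without its utmp slot being cleared; a listed login whose PID is alive but unexpected is the case that needs a closer look.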