
Re: Have I been hacked?



On Wed, May 07, 2003 at 02:51:39PM +0100, Ian Goodall wrote:
> I am running a Debian woody server and when I checked the last users
> yesterday I saw a large number of logins in the list. On running the command
> today I get the following:
> 
> dev1:/home/ian# last
> ian      pts/0        172.16.3.195     Wed May  7 14:49   still logged in
> team1    pts/0        blue99.ex.ac.uk  Wed May  7 13:21 - 13:57  (00:35)
> 
> I have run chkrootkit but nothing was found.
> 
[snip]

Could it be that wtmp has been rotated?
If the wtmp gets to a certain size or date (I can't remember exactly) it
normally gets rotated.
If you "cd /var/log" and then "ls -l |grep wtmp" you'll probably see
wtmp.X - Where X is a number, like 1 where the file has been rotated.

HTH,
David.
-- 
 .''`.     David Ramsden <david@hexstream.eu.org>
: :'  :    http://portal.hexstream.eu.org/
`. `'`     PGP key ID: 507B379B on wwwkeys.pgp.net
  `-  Debian - when you have better things to do than to fix a system.
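
The rotation check suggested in the reply, as an added example that is not part of the original message: it reads the live wtmp together with its rotated copies (gzip-compressed ones included) and merges the login records, so a short "last" listing can be compared against the full history (on a live system, "last -f /var/log/wtmp.1" reads a rotated file directly). Assumptions: the glibc Linux "struct utmp" layout of 384 bytes per record; the function names are hypothetical and the sample records are constructed.

```python
import gzip
import struct
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" on Linux, 384 bytes per record.
UTMP = struct.Struct("<h2xi32s4s32s256s2hiii4i20s")
USER_PROCESS = 7  # ut_type value that marks a login session

def pack_login(user, line, host, when):
    """Build one constructed USER_PROCESS record (sample data only)."""
    return UTMP.pack(USER_PROCESS, 1000, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0, b"")

def parse_wtmp(data):
    """Return (epoch, user, line, host) for every login record in data."""
    logins = []
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        if rec[0] != USER_PROCESS:
            continue  # skip boot, logout and other record types
        line, user, host = (rec[i].split(b"\0", 1)[0].decode("ascii", "replace")
                            for i in (2, 4, 5))
        logins.append((rec[9], user, line, host))  # rec[9] is tv_sec
    return logins

def read_file(path):
    """Read a wtmp file, handling gzip-compressed rotations."""
    opener = gzip.open if str(path).endswith(".gz") else open
    with opener(path, "rb") as fh:
        return fh.read()

def combined_history(paths):
    """Merge logins from wtmp and its rotated copies, newest first."""
    return sorted((r for p in paths for r in parse_wtmp(read_file(p))),
                  reverse=True)

if __name__ == "__main__":
    import pathlib
    import tempfile
    d = pathlib.Path(tempfile.mkdtemp())
    # Constructed sample: a freshly rotated wtmp and a fuller wtmp.1.
    (d / "wtmp").write_bytes(pack_login("ian", "pts/0", "172.16.3.195", 1052315340))
    (d / "wtmp.1").write_bytes(
        pack_login("alice", "pts/1", "host.example", 1049200000)
        + pack_login("bob", "pts/2", "host.example", 1049900000))
    for ts, user, line, host in combined_history([d / "wtmp", d / "wtmp.1"]):
        print(datetime.fromtimestamp(ts, timezone.utc).isoformat(), user, line, host)
```

If the rotated files account for the logins that disappeared from the default listing, rotation explains the difference.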
