Re: `su to root' entry in syslog

To: bhmit1@mail.wm.edu
Cc: Ben Pfaff <pfaffben@pilot.msu.edu>, Debian User Mailing List <debian-user@lists.debian.org>
Subject: Re: `su to root' entry in syslog
From: Ben Pfaff <pfaffben@pilot.msu.edu>
Date: 15 Nov 1997 17:33:46 -0500
Message-id: <873ekxu6r9.fsf@pfaffben.user.msu.edu>
Reply-to: pfaffben@pilot.msu.edu
In-reply-to: Brandon Mitchell's message of Sat, 15 Nov 1997 17:09:19 -0500 (EST)
References: <Pine.LNX.3.96.971115165616.11998A-100000@cnhobbes.ml.org>

Brandon Mitchell <bhmit1@mail.wm.edu> writes:
> Since these are all from his machine, maybe he's been hacked and doesn't
> know it yet.

Well, it's a Win95 box on the other end of a dialup line. :-)

> sudo and suid programs won't cause this log entry.  Another good idea may
> be to move su to another location (su.orig), and place a script that sends
> you an alarm and sleeps for a minute in it's place, e.g.:

I've done this.  Let's just wait...

FWIW, here's his .bash_history, in case something jumps out at you.
Nothing seems suspicious to me:

    exit
    lynx
    logout
    ls
    rm L98767TMP.html 
    ls
    rm L98766TMP.bin 
    ls
    logout
    lynx
    logout
    ps
    logout
    kill 4690
    logout
    password
    ls
    ls p
    ls p*
    ps
    whoami
    users
    users /?
    users --help
    lynx
    talk blp@pfaffben.user.msu.edu
    lynx
    linx
    lynx
-- 
Ben Pfaff <pfaffben@pilot.msu.edu> <blp@gnu.org> <pfaffben@debian.org>


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: `su to root' entry in syslog
  - From: Brandon Mitchell <bhmit1@mail.wm.edu>

Prev by Date: Re: `su to root' entry in syslog
Next by Date: telnet problems with german umlauts
Previous by thread: Re: `su to root' entry in syslog
Next by thread: weird printing problem
Index(es):
- Date
- Thread