Strange connections on login.
    Jerry Feldman 
    gaf at blu.org
       
    Tue Jan 21 10:45:23 EST 2003
    
    
  
On Tue, 21 Jan 2003 07:51:36 -0500
David Lapointe <dlapointe at attbi.com> wrote:
> On the alt.os.linux.mandrake list mr e reported strange results from
> his computer and asked if others had similar results.
> 
> Running 'last -aidx'  I get the same results that he did, i.e. a
> connection to 143.132.4.8 on login.  
The information comes from the utmp (in /var/run on Linux) and wtmp
(usially in /var/log on Linux) files. 
First, shutdown to single user mode. 
Second, truncate the wtmp file by touching it. 
Note that the utmp file is created on system startup. It shows current
activity only. The wtmp file grows forever unless you do something to
shorten it. Sometimes the logrotate procedure will shorten it. 
If the problem does not go away, when you need to find out how
143.132.4.8  is getting logged in. My thoughts is that the wtmp file is
left over from installation. 
-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20030121/bffeed9e/attachment.sig>
    
    
More information about the Discuss
mailing list