unix question: unknown user logged in? hacked?
Manuel Arostegui Ramirez
manuel at todo-linux.com
Fri Apr 20 22:00:32 UTC 2007
El Viernes, 20 de Abril de 2007 23:50, Mike Wright escribió:
> >>>>There is a mystery user on a remote system
> >>>
> >>>What lastlog says?
> >
> >.............. exists on pty/1
> >
> > What about using lsof?
> > lsof /dev/pts/*
>
> Aha! There is no /dev/pts/1 but some piece of that connection still
> exists in memory somewhere.
It would probably die after timeout, even if you didn't kill it.
>
> Solution: make another remote connection. This recreates /dev/pts/1.
> Now, follow that with a normal "exit" and it correctly tears down the
> connection and the mystery user disappears.
Cool, you got it :-)
>
> Muchas gracias, Miguel.
>
Actually my name is Manuel, Miguel is another very common spanish name, so
don't worry, it's a well-known mistake :-)
Kind regards
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the fedora-list
mailing list