wnn user (was Re: brute force ssh attack)
Joel
rees at ddcom.co.jp
Mon May 2 02:54:33 UTC 2005
On Fri, 29 Apr 2005 17:27:58 -0400
"M.Rudra" <dr.rudra at gmail.com> wrote
> On 4/27/05, Thomas Cameron <thomas.cameron at camerontech.com> wrote:
> > > something.) Also check in /tmp and /var. And any luck with the
> > > .bash_history? (For both the users and for root....)
> >
> > Especially /var/tmp - that's a common place for rootkits to live.
>
> a doubt here ,
>
> i checked /tmp and found
>
> srwxrwxrwx 1 wnn wnn 0 Apr 27 22:30 jd_sockV4
> why does this file (socket) have different owner and user, while all
> others have either root or userabc.
wnn is your input method's user. (That's the software that allows you to
type in non-Latin script with more characters than fit on the keyboard.)
> [...]
--
Joel Rees <rees at ddcom.co.jp>
digitcom, inc. 株式会社デジコム
Kobe, Japan +81-78-672-8800
** <http://www.ddcom.co.jp> **
More information about the users
mailing list