wnn user (was Re: brute force ssh attack)

Joel rees at ddcom.co.jp
Mon May 2 02:54:33 UTC 2005


On Fri, 29 Apr 2005 17:27:58 -0400
"M.Rudra" <dr.rudra at gmail.com> wrote

> On 4/27/05, Thomas Cameron <thomas.cameron at camerontech.com> wrote:
> > > something.) Also check in /tmp and /var. And any luck with the
> > > .bash_history? (For both the users and for root....)
> > 
> > Especially /var/tmp - that's a common place for rootkits to live.
> 
> a doubt  here , 
> 
> i checked /tmp and found 
> 
> srwxrwxrwx    1 wnn      wnn             0 Apr 27 22:30 jd_sockV4 
> why does this file (socket) have different owner and user, while all
> others have either root or  userabc.

wnn is your input method's user. (That's the software that allows you to
type in non-Latin script with more characters than fit on the keyboard.)

> [...]


--
Joel Rees   <rees at ddcom.co.jp>
digitcom, inc.   株式会社デジコム
Kobe, Japan   +81-78-672-8800
** <http://www.ddcom.co.jp> **




More information about the users mailing list