unix question: unknown user logged in? hacked?
Mike Wright
xktnniuymlla at mailinator.com
Fri Apr 20 20:42:18 UTC 2007
Hi all,
There is a mystery user on a remote system that I can't identify. I
want to be sure that it's not an uninvited guest :( If anybody is
willing to help I'd be most aprpreciative.
Running fc6, but I don't thinks it's relevant, although it may be.
The box is at a remote location and I access it via ssh. When I run
"top" it shows 2 users, but when I run "who" it shows only one, me, from
my remote location.
At first I thought it might have been a left open login on one of the
mingetty's so I disabled them all in inittab and changed runlevels from
3 to 4 and saw that all the mingetty's were gone (I think that should
logout anybody on one of those), then returned to runlevel 3 and re-ran
"top". Still 2 users.
I don't think it can be anybody left over from a previous runlevel 5.
I ran "ps auxf" and went over it line by line and couldn't find any
other bash sessions than my current remote login on pts/0.
Anybody know how to identify the second user shown by top?
I'm very paranoid about hackers/owners/skiddies and this definitely has
my ears perked up.
Thanks in advance for any tips or ideas,
Mike Wright :m)
More information about the users
mailing list