unix question: unknown user logged in? hacked?
Mike Wright
xktnniuymlla at mailinator.com
Fri Apr 20 21:50:39 UTC 2007
>>>>
>>>>There is a mystery user on a remote system
>>>
>>>What lastlog says?
>.............. exists on pty/1
>
> What about using lsof?
> lsof /dev/pts/*
>
Aha! There is no /dev/pts/1 but some piece of that connection still
exists in memory somewhere.
Solution: make another remote connection. This recreates /dev/pts/1.
Now, follow that with a normal "exit" and it correctly tears down the
connection and the mystery user disappears.
Muchas gracias, Miguel.
:m)
More information about the users
mailing list