unix question: unknown user logged in? hacked?

Manuel Arostegui Ramirez manuel at todo-linux.com
Fri Apr 20 22:00:32 UTC 2007


El Viernes, 20 de Abril de 2007 23:50, Mike Wright escribió:
> >>>>There is a mystery user on a remote system
> >>>
> >>>What lastlog says?
> >
> >.............. exists on pty/1
> >
> > What about using lsof?
> > lsof /dev/pts/*
>
> Aha!  There is no /dev/pts/1 but some piece of that connection still
> exists in memory somewhere.

It would probably die after timeout, even if you didn't kill it.

>
> Solution: make another remote connection.  This recreates /dev/pts/1.
> Now, follow that with a normal "exit" and it correctly tears down the
> connection and the mystery user disappears.

Cool, you got it :-)
>
> Muchas gracias, Miguel.
>

Actually my name is Manuel, Miguel is another very common spanish name, so  
don't worry, it's a well-known mistake :-)

Kind regards
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.




More information about the users mailing list