[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] why did wtmp rotate?

Subject: [cobalt-security] why did wtmp rotate?
From: Dan Keller <dan@xxxxxxxxxx>
Date: Tue, 31 Jul 2001 16:28:58 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Greetings, Cobalt Guri --

On my RaQ2, last week, my /var/log/wtmp
file rotated for the first time in the 2.5 years
I've had the box.  I have never seen wtmp
get rotated before.

That is, the old wtmp was gzipped and
renamed wtmp.1.gz and a new wtmp file
was started.  Nothing wrong with that...
but as a paranoid sysadmin, I get
suspicious about log files.  Could it be a
hacker covering her tracks?  Or is there
some script that I haven't noticed before
that rotates wtmp?

I see nothing about this in the knowledgebase.
Thanks so much for any light you can shed.

Dan Keller
dan@xxxxxxxxxx
http://www.keller.com/
+1 415 861-4500 (voice)
+1 415 861-4593 (fax)

Follow-Ups:
- RE: [cobalt-security] why did wtmp rotate?
  - From: Dean Hall

Prev by Date: Re: [cobalt-security] Mail to root ???
Next by Date: Re: [cobalt-security] Mail to root ???
Previous by thread: Re: [cobalt-security] Mail to root ???
Next by thread: RE: [cobalt-security] why did wtmp rotate?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index