
RE: [cobalt-security] why did wtmp rotate?



> On my RaQ2, last week, my /var/log/wtmp
> file rotated for the first time in the 2.5 years
> I've had the box.  I have never seen wtmp
> get rotated before.
> 
> That is, the old wtmp was gzipped and
> renamed wtmp.1.gz and a new wtmp file
> was started.  Nothing wrong with that...
> but as a paranoid sysadmin, I get
> suspicious about log files.  Could it be a
> hacker covering her tracks?  Or is there
> some script that I haven't noticed before
> that rotates wtmp?

Take a look at your /etc/rotate.conf (raq4) or your raq2 equivalent and
check the parameters.  It may be configured to rotate on reaching a
certain size and not weekly, monthly, yearly, etc.  If that's the case,
unzip it and see if the size is right to have triggered the rotate.

  
---- 
Dean Hall at Tactix ReEngineering ( dean@xxxxxxxxxx ) 
503 520-9699  http://www.tactix.com
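
The check suggested in the reply above, as an added example that is not part of the original message: read the size rule for wtmp from the rotation config and compare it with the uncompressed size of the rotated archive. It assumes the config uses logrotate-style stanzas with a `size` directive (the thread does not show the file's format); the function names and the files built in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes logrotate-style syntax; files in demo() are constructed.

# Print the "size" threshold (bytes) from the stanza for log $2 in config $1.
# Exits non-zero when that stanza has no size rule.
threshold_bytes() {
    awk -v target="$2" '
        $1 == target && $NF == "{" { in_stanza = 1; next }
        in_stanza && $1 == "}"     { in_stanza = 0 }
        in_stanza && $1 == "size"  { v = $2 }
        in_stanza && $1 ~ /^size=/ { v = substr($1, 6) }
        END {
            if (v == "") exit 1
            n = v + 0; u = substr(v, length(v))
            if (u == "k") n *= 1024
            if (u == "M") n *= 1024 * 1024
            if (u == "G") n *= 1024 * 1024 * 1024
            printf "%d\n", n
        }' "$1"
}

# Print the uncompressed size in bytes of gzip file $1.
uncompressed_bytes() {
    gzip -dc "$1" | wc -c | tr -d ' '
}

# Verdict for config $1, log name $2, rotated archive $3.
check_rotation() {
    thr=$(threshold_bytes "$1" "$2") || { echo "no-size-rule"; return 0; }
    actual=$(uncompressed_bytes "$3")
    if [ "$actual" -gt "$thr" ]; then
        echo "consistent: $actual bytes > threshold $thr"
    else
        echo "unexplained: $actual bytes <= threshold $thr"
    fi
}

# Constructed demo: a 2 KiB stand-in for wtmp.1.gz against a 1k size rule.
demo() {
    d=$(mktemp -d)
    printf '/var/log/wtmp {\n    size 1k\n    rotate 1\n}\n' > "$d/rotate.conf"
    dd if=/dev/zero of="$d/wtmp.1" bs=1024 count=2 2>/dev/null
    gzip "$d/wtmp.1"
    check_rotation "$d/rotate.conf" /var/log/wtmp "$d/wtmp.1.gz"
    rm -rf "$d"
}

demo
```

A "no-size-rule" or "unexplained" verdict only means the size setting does not account for the rotation; a time-based rule or a separate script may still do so.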