[Tfug] lastlog program
rfs_lists at mac.com
rfs_lists at mac.com
Sat Dec 30 20:50:56 MST 2006
Weird.
/usr/bin/last has always been there -- it's only useful if the hacker
didn't screw with your lastlog. The log not the binary. In other
words, they have to be a real dumb skiddie to leave that kind of
evidence.
The fact it doesn't exist across platforms (not in Darwin, Solaris at
least) means that in a heterogeneous environment you'd want to use /
usr/bin/last with a touch of judicious grepping.
Kinda weird that anyone chose to compile it, let alone built it into
a distro.
1. duplication of effort from /usr/bin/last (almost)
2. change -t[tty] to -t[days] instead of adding -d[days]
3. /usr/bin/lastlog and /var/{adm,log}/lastlog are not the same thing
Sweet! Built-in security-by-obscurity! Or something.
R.
On Dec 30, 2006, at 1:52 pm, Felix Tilley wrote:
> Does anyone run /usr/bin/lastlog?
>
> Interesting. I did not know about this program until a few minutes
> ago.
>
> I saw it on comp.os.linux.security
>
> I have been using Linux for 6 years.
>
>
>
>
>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
--
Richard Smit
More information about the tfug
mailing list