sorry, this is a private test server that is behind a rtr/fw
For clarity, I don't think there is someone messing around on my system (although I do not exclude that).
To me, it looks like some program/process/whatever has been writing to my /var/log/wtmp file by error.
Here I listed the last 15 lines with `last -n 15`
And the first two lines are regular logins:
root@cthulhu:/var/log# last -n 15
lieven pts/0 blueice3n1.uk.ib Fri Jul 29 14:36 still logged in
lieven pts/1 blueice3n1.uk.ib Fri Jul 29 12:45 - 13:00 (00:15)
but all the other lines look like rubbish:
words ify ml Thu Jul 19 20:16 gone - no logout
vers.men rmation.menu /kde-essential.m Wed Oct 22 18:03 gone - no logout
ppy.desk e.desktop heet.ksp Tue Jul 27 23:24 gone - no logout
itors.di tory ents.directory Wed Feb 2 07:49 gone - no logout
director directory ettings-looknfee Mon Sep 5 21:33 gone - no logout
ilterwra p esktop Mon Feb 15 03:59 gone - no logout
dule.des desktop pareviewpart.des Thu Jul 27 11:31 gone - no logout
sktop prfilter.des rces_plugin.desk Fri Nov 4 21:11 gone - no logout
sktop hprovider.de p Tue Sep 12 21:58 gone - no logout
e.deskto a.desktop Thu Mar 9 12:20 gone - no logout
*sr g.png g Tue May 28 19:20 gone - no logout
sd .png */entry.desktop Thu Dec 29 01:18 gone - no logout
g flag.png qa Wed Dec 28 07:06 gone - no logout
wtmp begins Tue Aug 15 07:27:12 1995
=> even the dates are not chronological like they should be
This is just my personal self-education server.
I always log in remotely to the ssh daemon. There are only a few other user accounts on this pc. About the programs, I have a ddclient running as daemon, apache2 server with php support, mysqld and that's it. (since I'm mostly occupied with my personal webpage) I don't have xwindows running, not even installed.
But I have two backup scripts running, one that makes a full backup every Friday and another one that makes a daily backup of every file that changed in the last 24 hours. The daily bu script has been corrupted or something I guess, because when I checked it, I found the following text in the file:
For some reason it became like that. Originally, it was like:
At first, I also made a backup of the whole /var directory but I removed that because I think that it doesn't make any sense, since it contained a lot of files that don't need to be backed up.
echo "start incremental backup"
if [ ! -d /mnt/hdb/bu ]; then
echo -n "creating bu directory... "
if [ "$?" -eq 0 ]; then
echo "failed" >&2
echo "cannot create /mnt/hdb/bu... stop script" >&2
for fl in $FILES; do
set -- `echo $fl | tr , \ `
echo -n "incremental backup $day : $1 ... "
tar cvf $2 `find $1 -mtime -1 -type f` 1>/mnt/hdb/bu/bulog_$day.txt 2>>/mnt/hdb/bu/bulogerr_$day.txt
if [ "$?" -eq 0 ]; then
echo "incremental backup $day done"
=> I restored the original file now, works ok. (tested) The bu script runs at the same time as the logrotate. Maybe it has to do with that? But the wtmp file is only rotated every month as I could see in the config:
# Rotate /var/log/wtmp:
create 0664 root utmp
All other log files look intact, none of them has any strange entries like in the wtmp file.
edit: I am the only one with physical access, there still is a keyboard and screen attached to the pc but they're hardly ever used since it's an old bad screen. However, my cat tries to login on a regular basis but she never even gets the userid right. :-)
There are 7 accounts that can login but only 1 is regularly used, the others are rarely used and 1 of them is locked in a chroot-cell, they only see their own home directory and only have the bash shell builtin cmds and some other small programs.
All of the accounts belong to friends/family that I personally know and trust. They sometimes upload some small files, mostly text.
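
A sanity check for the symptoms described in this post (garbage user/line/host fields and dates that are not chronological), as an added example that is not part of the original post. It parses wtmp records assuming glibc's 384-byte `struct utmp` layout; `check_wtmp`, `make_record` and the sample data are constructed for illustration.

```python
import struct

# Assumed layout: glibc's 384-byte Linux struct utmp (verify against utmp.h).
REC = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
VALID_TYPES = range(0, 10)  # EMPTY (0) through ACCOUNTING (9)

def is_clean(field):
    """True if the field is printable ASCII followed only by NUL padding."""
    text = field.rstrip(b"\x00")
    return all(0x20 <= c < 0x7F for c in text)

def check_wtmp(data):
    """Return [(record_index, [reasons])] for records that look corrupt."""
    findings, last_ts = [], 0
    count = len(data) // REC.size
    for i in range(count):
        f = REC.unpack_from(data, i * REC.size)
        ut_type, line, user, host, ts = f[0], f[2], f[4], f[5], f[9]
        reasons = []
        if ut_type not in VALID_TYPES:
            reasons.append(f"ut_type {ut_type} out of range")
        if not all(is_clean(x) for x in (line, user, host)):
            reasons.append("non-printable bytes in line/user/host")
        if ts < last_ts:
            reasons.append("timestamp earlier than previous record")
        if reasons:
            findings.append((i, reasons))
        else:
            last_ts = ts  # only trust timestamps from sane records
    if len(data) % REC.size:
        findings.append((count, ["trailing partial record"]))
    return findings

def make_record(ut_type, pid, line, user, host, ts):
    """Pack one record (helper for the constructed sample below)."""
    return REC.pack(ut_type, pid, line, b"", user, host,
                    0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

# Constructed sample: two login records with file-name text written between them.
JUNK = (b"kde-settings.directory\nentry.desktop\nflag.png\n" * 9)[:REC.size]
SAMPLE = (make_record(7, 1201, b"pts/1", b"lieven", b"host.example", 1122641100)
          + JUNK
          + make_record(7, 1310, b"pts/0", b"lieven", b"host.example", 1122647760))

if __name__ == "__main__":
    for index, reasons in check_wtmp(SAMPLE):
        print(f"record {index}: {'; '.join(reasons)}")
```

To run it against a real file, pass the bytes of a copy of `/var/log/wtmp` to `check_wtmp`; the record indexes show where the foreign data starts and ends.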