I've been using Linux for a a few years, but I'm still a little green around the edges. I recently noticed the following in my lab hosts at school, and I am trying to figure out what the system logins mean. The man page gives no info about the Comment section. The man page implies these are incoming or local logins. The hosts are all running Slackware 14.1.
Are these incoming login connections, outgoing connections, or something else? I do not expect to see these login sessions on my lab machines, and every machine I have looked at has them (always a subset of c1-c6), so I am mildly concerned. We have some cisco routers that are named c1 through c5, but there is no c6 router.
Code:
$ who -l
NAME LINE TIME IDLE PID COMMENT
userme + tty1 2016-02-25 11:05 02:52 867
LOGIN tty2 2016-02-25 11:04 868 id=c2
LOGIN tty3 2016-02-25 11:04 869 id=c3
LOGIN tty4 2016-02-25 11:04 870 id=c4
LOGIN tty5 2016-02-25 11:04 871 id=c5
LOGIN tty6 2016-02-25 11:04 872 id=c6
Looking at the processes, I see the following:
Code:
$ ps -ef | grep 869
root 869 1 0 11:04 tty3 00:00:00 /sbin/agetty 38400 tty3 linux
$ pstree
init-+-acpid
|-5*[agetty]
|-atd
So, root is spawning ttys for these logins. But, what are they? Where can I determine why these are created, and for what purpose? Where does the id value come from? Are these possibly related to the routers, or is this some internal service login, and how would I verify that?
I can't find anything in the messages, system, or secure logs about these logins. They appear to be created about two minutes after reboot. I just rebooted and ssh'd back into this machine, and here they are again, with new times, and one new one:
Code:
$ who
LOGIN tty1 2016-02-25 14:59 876 id=c1
LOGIN tty2 2016-02-25 14:59 877 id=c2
LOGIN tty3 2016-02-25 14:59 878 id=c3
LOGIN tty4 2016-02-25 14:59 879 id=c4
LOGIN tty5 2016-02-25 14:59 880 id=c5
LOGIN tty6 2016-02-25 14:59 881 id=c6
userme + pts/0 2016-02-25 15:01 . 885 (myip)
I don't have /etc/anacrontab or /etc/crontab. Root's crontab doesn't have any jobs that run at reboot.
I recursively grep'd for c1 through c6 and agetty in my /etc/rc.d directory (which is the init directory on Slackware), and found only random other stuff like modules and keys that had the strings c1-c6 in them.
If you can point me toward identifying these, I'll owe you a drink.
-Joanna-