Is last -i showing remote user logged in?
I just installed Suse 9.2, and it appears that I have a remote user logged in. Below is a sample from when I run last -i. When I checked the logs it looked as though someone was logging into or trying to log in using sshd. I removed that package, but the user is still there, logged into my username.
Is this something that Suse does? Am I reading the last command correctly? The remote IP shows for any users that log into X. I am also behind a router that is not forwarding any ports. Any advice or help would be much appreciated.

h_       pts/1   0.0.0.0          Fri Mar  4 10:33   still logged in
h_       pts/0   0.0.0.0          Fri Mar  4 10:30   still logged in
h_       :0      220.218.236.183  Fri Mar  4 10:30   still logged in
h_       pts/1   0.0.0.0          Fri Mar  4 10:05 - 10:06  (00:00)
h_       pts/0   0.0.0.0          Fri Mar  4 02:46 - 10:29  (07:43)
h_       :0      220.218.236.183  Fri Mar  4 02:45 - 10:29  (07:43)
h_       pts/2   0.0.0.0          Fri Mar  4 02:22 - 02:25  (00:02)
h_       pts/1   0.0.0.0          Fri Mar  4 02:19 - 02:31  (00:12)
h_       pts/0   0.0.0.0          Fri Mar  4 02:19 - 02:46  (00:26)
h_       :0      220.218.236.183  Fri Mar  4 02:19 - 02:37  (00:18)
root     pts/1   0.0.0.0          Fri Mar  4 02:04 - 02:14  (00:09)
root     pts/0   0.0.0.0          Fri Mar  4 02:04 - 02:18  (00:14)
root     :0      220.218.236.183  Fri Mar  4 02:04 - 02:18  (00:14)
|
Is that IP part of your local network? (Some have world routable IPs). Also, have you checked those times against your own activity?
|
Hello, b_s
Not sure if you'd like to have a look here: http://www.linuxquestions.org/questi...hreadid=215431
@ Matir: Sorry, did not see you there.
Great day
|
It looks like that IP is logged in right when I log a user into X. I had only had Suse 9.2 installed for a day when I noticed this. I did see that ssh thread; if it guessed my password, it's become much better at getting in :-) Thanks for your replies, any other ideas??
|
This is a known bug:
https://bugzilla.redhat.com/bugzilla...g.cgi?id=82540
https://bugzilla.redhat.com/bugzilla...g.cgi?id=98659
http://bugs.mandrakelinux.com/query.php?bug=532
I personally submitted it to SuSE, but apparently they have better things to do like figure out how many shades of green they can make their website rather than respond to bug reports. FWIW, the IP isn't quite random but has to do with kernel version (it's used as a placeholder for the remote host in the utmp logging code).
|
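One way to triage a listing like the one in the first post, as an added example that is not part of the original thread: it separates records on a local X display (`:0`) that carry a non-zero address, the pattern described in the reply above, from `pts` records with a non-zero address, which are the ones worth comparing against sshd logs. The sample records are constructed in the thread's layout, the `pts/3` record with 192.0.2.10 (a documentation address) is invented, and the verdict labels are this example's own.

```python
import re

# Constructed sample in the layout of the `last -i` listing quoted in the thread.
# The pts/3 record and its address (192.0.2.10, documentation range) are invented.
SAMPLE = """\
h_       pts/1   0.0.0.0          Fri Mar  4 10:33   still logged in
h_       :0      220.218.236.183  Fri Mar  4 10:30   still logged in
root     :0      220.218.236.183  Fri Mar  4 02:04 - 02:18  (00:14)
h_       pts/3   192.0.2.10       Fri Mar  4 11:02 - 11:10  (00:08)
reboot   system boot  0.0.0.0     Fri Mar  4 02:03          (08:30)
"""

# user, tty or display, dotted-quad address, then the time columns
RECORD = re.compile(
    r"^(?P<user>\S+)\s+(?P<line>\S+)\s+"
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<when>.+)$"
)
LOCAL_DISPLAY = re.compile(r"^:\d+(?:\.\d+)?$")  # X display such as :0 or :0.0


def classify(record):
    """Return (user, line, addr, verdict), or None if not a login record."""
    m = RECORD.match(record.strip())
    if m is None:
        return None  # e.g. "reboot system boot ..." or "wtmp begins ..."
    user, line, addr = m["user"], m["line"], m["addr"]
    if LOCAL_DISPLAY.match(line):
        # A local X display with a non-zero address matches the utmp
        # placeholder behaviour described in the thread.
        verdict = "local" if addr == "0.0.0.0" else "placeholder-suspect"
    elif addr == "0.0.0.0":
        verdict = "local"
    else:
        verdict = "remote-review"  # compare with sshd/auth logs
    return (user, line, addr, verdict)


def triage(text):
    """Classify every login record in a block of `last -i` output."""
    return [c for c in map(classify, text.splitlines()) if c is not None]


if __name__ == "__main__":
    for user, line, addr, verdict in triage(SAMPLE):
        print(f"{verdict:20} {user:6} {line:6} {addr}")
```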
THANK YOU Capt_Caveman!!!
I feel much better knowing that. If you do a whois on that IP it actually belongs to some hospital in China ... hopefully this bug will be resolved soon, doesn't look like it's a priority to them though :)
|
Quote:
|
Wow. Somebody's corrupting the utmp structures. :) How that one came out from a distro like SuSE is beyond me. I guess that's what you get when Novell buys out a distro. :)
|
Actually it's been screwed up for a while (pre-Novell) and is found in a number of distros (Red Hat, Mandrake, SuSE, etc).
|