Ok, now I see 3 users logged in...
Here is what the machine's 'who' shows me:
Code:
root tty2 May 12 20:31
root tty5 May 12 15:35
root tty3 May 12 14:09
root pts/131 May 13 12:57 (laptop.domain)
(the last line is ok, it is me logging into the server via ssh.)
This is what 'last' shows me:
Code:
root pts/131 laptop.domain Thu May 13 12:57 still logged in
root pts/130 laptop.domain Thu May 13 11:32 - 12:13 (00:40)
root pts/127 laptop.domain Wed May 12 23:56 - 00:03 (00:07)
root pts/126 laptop.domain Wed May 12 23:30 - 23:42 (00:11)
root tty2 Wed May 12 23:28 - 03:00 (03:31)
root tty2 Wed May 12 21:49 - 22:48 (00:58)
root tty2 Wed May 12 20:31 - 21:49 (01:18)
root pts/125 laptop.domain Wed May 12 19:16 - 19:17 (00:00)
root pts/124 laptop.domain Wed May 12 18:31 - 20:43 (02:11)
chino pts/123 laptop.domain Wed May 12 17:20 - 17:23 (00:02)
root pts/122 laptop.domain Wed May 12 15:50 - 15:51 (00:01)
root tty2 Wed May 12 15:36 - 20:31 (04:54)
root tty5 Wed May 12 15:35 gone - no logout
root tty3 Wed May 12 15:16 - 15:35 (00:19)
root tty3 Wed May 12 14:29 - 14:30 (00:01)
root tty2 Wed May 12 14:22 - 15:36 (01:14)
root tty2 Wed May 12 14:20 - 14:22 (00:01)
root tty4 Wed May 12 14:09 - 14:20 (00:10)
root tty3 Wed May 12 14:09 - 14:29 (00:20)
root tty2 Wed May 12 14:09 - 14:10 (00:00)
root tty2 Wed May 12 14:08 - 14:09 (00:00)
root tty3 Wed May 12 00:06 - 14:09 (14:03)
root tty2 Tue May 11 15:55 - 19:44 (03:48)
chino pts/27 laptop.domain Tue May 11 15:20 - 15:55 (00:35)
root tty2 Tue May 11 15:19 - 15:55 (00:36)
chino pts/26 laptop.domain Tue May 11 15:15 - 15:15 (00:00)
chino pts/25 laptop.domain Tue May 11 10:29 - 10:30 (00:00)
chino pts/24 laptop.domain Tue May 11 09:05 - 09:06 (00:00)
chino pts/21 laptop.domain Mon May 10 21:49 - 21:49 (00:00)
chino pts/20 laptop.domain Mon May 10 19:00 - 19:01 (00:00)
root tty2 Mon May 10 14:18 - 14:22 (00:04)
chino pts/19 laptop.domain Mon May 10 14:15 - 14:22 (00:07)
root tty2 Mon May 10 14:07 - 14:18 (00:10)
chino pts/18 laptop.domain Mon May 10 13:27 - 13:28 (00:00)
root tty2 Mon May 10 13:19 - 14:07 (00:47)
chino pts/17 laptop.domain Mon May 10 13:10 - 13:15 (00:04)
chino pts/16 laptop.domain Mon May 10 13:09 - 13:10 (00:00)
root tty3 Mon May 10 12:57 - 13:19 (00:22)
chino pts/13 laptop.domain Mon May 10 12:28 - 13:09 (00:40)
chino pts/12 laptop.domain Mon May 10 10:29 - 13:09 (02:39)
root tty3 Mon May 10 10:25 - 12:36 (02:10)
root tty2 Mon May 10 10:18 - 13:19 (03:00)
root tty2 Mon May 10 09:47 - 10:18 (00:31)
root tty2 Mon May 10 02:19 - 09:47 (07:28)
chino pts/11 laptop.domain Mon May 10 01:19 - 01:21 (00:01)
root tty3 Sun May 9 23:55 - 23:55 (00:00)
root tty2 Sun May 9 23:55 - 02:19 (02:24)
root tty2 Sun May 9 22:43 - 23:55 (01:11)
root tty3 Sun May 9 20:56 - 21:41 (00:44)
root tty5 Sun May 9 19:17 - 15:35 (2+20:18)
root tty6 Sun May 9 19:15 - 19:18 (00:02)
root tty5 Sun May 9 18:43 - 19:17 (00:34)
root tty4 Sun May 9 18:37 - 19:17 (00:39)
root pts/10 laptop.domain Sun May 9 17:32 - 17:33 (00:01)
root tty3 Sun May 9 15:11 - 19:18 (04:07)
root tty2 Sun May 9 15:06 - 22:43 (07:37)
root tty2 Sun May 9 15:06 - 22:43 (07:37)
root tty2 Sun May 9 13:47 - 15:06 (01:18)
root tty2 Sun May 9 09:57 - 13:47 (03:50)
root tty2 Sun May 9 09:43 - 09:57 (00:13)
root tty2 Sun May 9 01:08 - 09:43 (08:35)
root tty2 Sun May 9 00:21 - 01:08 (00:46)
root tty2 Sat May 8 23:32 - 00:13 (00:40)
reboot system boot 2.6.5-gentoo-r1 Sun May 9 01:31 (4+11:27)
root tty3 Sat May 8 23:27 - down (00:03)
root tty2 Sat May 8 23:24 - down (00:06)
reboot system boot 2.6.5-gentoo-r1 Sun May 9 01:23 (-1:-53)
root tty5 Sat May 8 22:35 - down (00:46)
root tty4 Sat May 8 21:32 - down (01:49)
root tty3 Sat May 8 21:20 - down (02:02)
root tty2 Sat May 8 21:06 - down (02:16)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 22:57 (00:25)
root tty1 Sat May 8 20:54 - down (00:01)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 22:53 (-1:-57)
root tty1 Sat May 8 20:51 - down (00:00)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 22:51 (-1:-59)
root tty1 Sat May 8 20:49 - down (00:00)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 22:48 (-1:-58)
root tty3 Sat May 8 20:42 - 20:42 (00:00)
root tty2 Sat May 8 20:23 - down (00:23)
root tty2 Sat May 8 14:29 - 14:38 (00:09)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 15:02 (05:44)
root tty4 Sat May 8 12:44 - down (00:16)
root tty4 Sat May 8 12:42 - 12:44 (00:02)
root tty2 Sat May 8 12:42 - down (00:18)
root tty4 Sat May 8 12:41 - 12:42 (00:00)
root tty3 Sat May 8 12:39 - down (00:21)
root tty2 Sat May 8 12:38 - 12:42 (00:03)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 04:57 (08:03)
root tty2 Sat May 8 02:40 - down (00:14)
root tty3 Sat May 8 01:36 - 01:49 (00:13)
root tty2 Sat May 8 01:34 - 01:37 (00:03)
reboot system boot 2.6.5-gentoo-r1 Sat May 8 03:25 (00:-29)
root tty3 Sat May 8 01:22 - down (00:01)
root tty5 Sat May 8 01:16 - 01:24 (00:07)
root tty4 Sat May 8 00:46 - 01:24 (00:37)
root tty3 Sat May 8 00:38 - 01:21 (00:43)
root tty2 Fri May 7 15:26 - down (09:57)
root tty2 Fri May 7 10:03 - 15:26 (05:22)
root tty2 Fri May 7 02:11 - 02:11 (00:00)
root pts/2 192.168.0.100 Fri May 7 02:07 - 02:07 (00:00)
reboot system boot 2.6.5-gentoo-r1 Fri May 7 04:06 (21:17)
root pts/2 192.168.0.100 Fri May 7 02:03 - 02:03 (00:00)
root tty1 Fri May 7 02:01 - down (00:03)
reboot system boot 2.6.5-gentoo-r1 Fri May 7 04:01 (-1:-56)
root tty3 Fri May 7 00:14 - 00:16 (00:02)
root tty2 Thu May 6 23:48 - down (02:10)
root tty1 Thu May 6 20:22 - down (05:36)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 22:21 (03:37)
root tty1 Thu May 6 20:17 - down (00:03)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 22:16 (-1:-56)
root tty6 Thu May 6 19:56 - down (00:18)
root tty4 Thu May 6 19:41 - down (00:33)
root tty3 Thu May 6 19:38 - down (00:36)
root tty2 Thu May 6 19:32 - down (00:42)
root tty1 Thu May 6 19:29 - down (00:46)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 21:28 (-1:-13)
root tty1 Thu May 6 19:21 - down (00:05)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 21:21 (-1:-53)
root tty1 Thu May 6 19:18 - down (00:00)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 21:18 (-1:-58)
root tty1 Thu May 6 19:01 - down (00:13)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 21:01 (-1:-46)
root tty1 Thu May 6 18:54 - down (00:05)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 20:53 (-1:-53)
root tty1 Thu May 6 18:47 - down (00:04)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 20:46 (-1:-54)
root tty1 Thu May 6 18:41 - down (00:03)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 20:39 (-1:-54)
root tty1 Thu May 6 18:37 - down (00:00)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 20:36 (-1:-57)
root tty1 Thu May 6 18:32 - down (00:01)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 20:31 (-1:-57)
root tty1 Thu May 6 18:06 - down (00:23)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 20:05 (-1:-35)
root tty1 Thu May 6 17:56 - down (00:07)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 19:55 (-1:-51)
root tty1 Thu May 6 17:46 - down (00:07)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 19:46 (-1:-52)
root tty1 Thu May 6 17:25 - down (00:18)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 19:25 (-1:-40)
root tty1 Thu May 6 17:23 - down (00:01)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 19:22 (-1:-58)
root tty1 Thu May 6 17:17 - down (00:03)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 19:16 (-1:-55)
root tty1 Thu May 6 17:06 - down (00:09)
root pts/2 192.168.0.100 Thu May 6 17:06 - down (00:09)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 19:05 (-1:-50)
root tty2 Thu May 6 17:02 - down (00:01)
chino pts/4 192.168.0.100 Thu May 6 16:58 - down (00:05)
chino pts/3 192.168.0.100 Thu May 6 16:58 - 16:58 (00:00)
root tty1 Thu May 6 16:56 - down (00:07)
chino pts/2 192.168.0.100 Thu May 6 16:48 - 16:56 (00:08)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 18:47 (-1:-43)
root tty1 Thu May 6 16:41 - down (00:04)
chino pts/2 192.168.0.100 Thu May 6 16:41 - 16:43 (00:02)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 18:39 (-1:-53)
root pts/3 192.168.0.100 Thu May 6 16:32 - down (00:06)
root pts/2 192.168.0.100 Thu May 6 16:22 - 16:23 (00:00)
root tty1 Thu May 6 16:21 - down (00:16)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 18:21 (-1:-42)
root tty1 Thu May 6 16:03 - down (00:03)
reboot system boot 2.6.5-gentoo-r1 Thu May 6 18:03 (-1:-56)
root tty6 Thu May 6 13:21 - down (02:40)
root tty5 Thu May 6 11:46 - down (04:15)
root tty6 Wed May 5 17:35 - 17:36 (00:00)
root tty6 Wed May 5 17:32 - 17:32 (00:00)
root tty5 Wed May 5 17:29 - 11:46 (18:16)
root tty4 Wed May 5 16:36 - down (23:24)
root tty3 Wed May 5 16:24 - down (23:37)
root tty3 Wed May 5 16:21 - 16:24 (00:02)
ftp ftpd4811 192.168.0.101 Wed May 5 16:15 - 16:19 (00:04)
ftp ftpd4810 192.168.0.101 Wed May 5 16:15 - 16:15 (00:00)
ftp ftpd4809 192.168.0.100 Wed May 5 16:14 - 16:14 (00:00)
ftp ftpd4808 localhost Wed May 5 16:14 - 16:14 (00:00)
root tty5 Wed May 5 15:02 - 16:35 (01:33)
root tty4 Wed May 5 13:37 - 16:35 (02:57)
root tty4 Wed May 5 13:21 - 13:21 (00:00)
root tty3 Wed May 5 00:09 - 16:21 (16:12)
root tty3 Wed May 5 00:08 - 00:09 (00:01)
root tty3 Wed May 5 00:03 - 00:03 (00:00)
root tty2 Tue May 4 23:51 - down (1+16:09)
root tty1 Tue May 4 23:36 - down (1+16:25)
reboot system boot 2.6.5-gentoo-r1 Wed May 5 01:33 (1+14:27)
root tty1 Tue May 4 22:14 - down (01:18)
root tty2 Tue May 4 22:12 - 22:14 (00:01)
root tty2 Tue May 4 21:52 - 22:00 (00:07)
root tty1 Tue May 4 21:35 - 22:14 (00:39)
root tty1 Tue May 4 17:38 - 21:35 (03:57)
root tty1 Tue May 4 17:21 - 17:31 (00:10)
reboot system boot 2.6.5-gentoo-r1 Tue May 4 19:20 (04:12)
root pts/4 192.168.0.23 Tue May 4 17:06 - down (00:11)
chino tty1 Tue May 4 16:37 - down (00:40)
root pts/3 192.168.0.23 Tue May 4 16:27 - 16:55 (00:27)
chino tty1 Tue May 4 16:23 - 16:23 (00:00)
root tty1 Tue May 4 16:20 - 16:23 (00:02)
chino pts/0 192.168.0.23 Tue May 4 15:12 - 16:23 (01:11)
root tty1 Tue May 4 15:10 - 16:20 (01:09)
reboot system boot 2.6.5-gentoo-r1 Tue May 4 17:10 (00:07)
root tty2 Tue May 4 14:50 - down (00:18)
root tty1 Tue May 4 14:50 - down (00:19)
reboot system boot 2.6.5-gentoo-r1 Tue May 4 16:49 (-1:-40)
root tty3 Tue May 4 14:44 - 14:44 (00:00)
root tty2 Tue May 4 14:42 - down (00:06)
root tty1 Tue May 4 14:40 - down (00:07)
reboot system boot 2.6.5-gentoo-r1 Tue May 4 16:39 (-1:-51)
root tty2 Tue May 4 13:50 - down (00:47)
root tty2 Tue May 4 13:43 - 13:50 (00:07)
root tty3 Tue May 4 13:29 - 13:50 (00:21)
chino tty2 Tue May 4 13:27 - 13:43 (00:15)
chino tty1 Tue May 4 13:23 - down (01:15)
root tty1 Tue May 4 13:23 - 13:23 (00:00)
reboot system boot 2.6.5-gentoo-r1 Tue May 4 15:22 (00:-44)
reboot system boot 2.6.5-gentoo-r1 Tue May 4 14:59 (-1:-57)
Some local root logins, some remote ssh logins (root/chino)...
The first line is ok, it is my current ssh session.
One lines says "gone - no logout". I had to kill this one because the
terminal was not responding anymore. I don't think this has anything to do with
this problem because I already had 3 unknown logged in users before this happened.
here is what "lastlog" shows me:
Code:
Username Port From Latest
root pts/131 laptop.domain Thu May 13 12:57:21 +0200 2004
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
halt **Never logged in**
mail **Never logged in**
news **Never logged in**
uucp **Never logged in**
operator **Never logged in**
man **Never logged in**
postmaster **Never logged in**
cron **Never logged in**
ftp **Never logged in**
sshd **Never logged in**
at **Never logged in**
squid **Never logged in**
gdm **Never logged in**
xfs **Never logged in**
games **Never logged in**
named **Never logged in**
mysql **Never logged in**
postgres **Never logged in**
apache **Never logged in**
nut **Never logged in**
cyrus **Never logged in**
vpopmail **Never logged in**
alias **Never logged in**
qmaild **Never logged in**
qmaill **Never logged in**
qmailp **Never logged in**
qmailq **Never logged in**
qmailr **Never logged in**
qmails **Never logged in**
postfix **Never logged in**
smmsp **Never logged in**
portage **Never logged in**
guest **Never logged in**
chino pts/123 laptop.domain Wed May 12 17:20:07 +0200 2004
proftpd **Never logged in**
snort **Never logged in**
.oO(confused...)
So, what's the deal here?
Any help would be appreciated.
Regards,
/shad
