lastlog root entry
Hi. The other day I did a 'lastlog' and found an entry like the following:
Code:
root pts/6 :0.0 Mon Nov 1 23:53:48 +0100 2004 Code:
# last -adix I also found a related entry with 'utmpdump': Code:
utmpdump /var/log/wtmp Where does this entry come from, then? Any help will be greatly appreciated. |
If you logged into root you would see that... from what I can see it looks like all 3 times you show are the same login attempt... did you happen to log into root at that specific time???
|
I've never logged in a session as root. Of course, I've run root shells from my normal user account by means of 'su', but if I'm not mistaken these don't go into 'wtmp'.
Yes, the three logs correspond to the same login attempt. Going into the logs from that day I see that I opened a 'su' shell at 23:48:57, but the time of the logs is 23:53:48. Also, I've noticed that in the output of 'last' I have another login from Nov. 9, not from root but from my normal user account: Code:
foobar :0 Tue Nov 9 15:16 - crash (1+10:53) Any hint regarding these two entries appreciated. |
All times are GMT -5. The time now is 09:03 AM. |