LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-19-2010, 11:34 AM   #1
curos
Member
 
Registered: Aug 2003
Distribution: Slackware
Posts: 72

Rep: Reputation: 15
w shows 2 users when there's only 1


I'm on Debian 5 - when I run the w command, it reports 2 users, but I'm the only person logged in. Is this cause for concern?

Code:
curos@histeria:~$ w
 16:17:25 up 4 days, 11:56,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
curos    pts/0    adsl-62-136-40-8 16:02    0.00s  0.02s  0.00s w
Then I get root to login, it still reports 2 users (this time, correctly)

Code:
curos@histeria:~$ w
 16:19:20 up 4 days, 11:58,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     hvc0     -                16:19    7.00s  0.00s  0.00s -bash
curos    pts/0    adsl-62-136-40-8 16:02    0.00s  0.02s  0.00s w
Note: this is a xen VPS (does that matter?)

Also, I notice a logger running when i run netstat -pane (it's the last line)
Is that normal logging duties to open up a DGRAM socket?
Code:
histeria:~# netstat -pane
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:21           0.0.0.0:*               LISTEN      0          26269       11867/sshd      
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      102        16795       5206/mysqld     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          17818       5973/exim4      
tcp        0      0 148.145.78.18:11     62.136.40.8:49718     ESTABLISHED 0          28498       12518/sshd: curos
tcp6       0      0 :::21                :::*                    LISTEN      0          26267       11867/sshd      
tcp6       0      0 :::80                   :::*                    LISTEN      0          27270       12124/apache2   
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ]         DGRAM                    1956     594/udevd           @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     16796    5206/mysqld         /var/run/mysqld/mysqld.sock
unix  4      [ ]         DGRAM                    25840    1132/rsyslogd       /dev/log
unix  2      [ ]         DGRAM                    29043    12583/login         
unix  3      [ ]         STREAM     CONNECTED     28533    12518/sshd: curos 
unix  3      [ ]         STREAM     CONNECTED     28532    12520/0             
unix  2      [ ]         DGRAM                    28531    12518/sshd: curos 
unix  2      [ ]         DGRAM                    16791    5207/logger
ips, username, etc changed as necessary

Last edited by curos; 09-19-2010 at 11:36 AM. Reason: stupid mistake
 
Old 09-19-2010, 11:48 AM   #2
curos
Member
 
Registered: Aug 2003
Distribution: Slackware
Posts: 72

Original Poster
Rep: Reputation: 15
Ok, I did some more searching. It seems that the file /var/run/utmp can sometimes get corrupt and incorrectly report the number of users that are logged in. I ended up following the advice from the second link

Sources:
http://ubuntu-virginia.ubuntuforums....d.php?t=986638
http://www.mail-archive.com/redhat-l.../msg02706.html

I'm still not sure about the logger thing though, maybe that's a separate question. Marking this as answered (unless someone wants to comment on the logger item)
 
Old 09-19-2010, 12:08 PM   #3
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 101Reputation: 101
Quote:
Originally Posted by curos View Post
Also, I notice a logger running when i run netstat -pane (it's the last line)
Is that normal logging duties to open up a DGRAM socket?
AFAIK, it is normal because /dev/log is a simple unix datagram socket.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
uptime cmd shows 5 users but thats wrong thoron! Slackware 7 02-21-2012 02:58 PM
KDE log in screen no longer shows all the users swamprat SUSE / openSUSE 6 11-06-2007 03:41 PM
w shows 2 users while I'm alone on the system! jaggy00 Linux - Security 4 05-20-2007 03:15 AM
running top shows 2 users gibson79 Slackware 8 03-08-2007 09:19 AM
uptime shows 3 users on system when there is only me. Is this normal? MichaelD Linux - Security 3 05-21-2005 11:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration