Bugtraq mailing list archives

ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linux)

From: silvio () ROCKNET NET AU (Silvio Cesare)
Date: Sun, 25 May 1997 23:18:00 +1000


chkwtmp:        A wtmp intrusion detection analyzer

By:             Silvio Cesare, 6th May, 1997

chkwtmp is an intrusion detection analyzer for the wtmp logfile on systems
running the Linux OS.


SYNOPSIS

Usage: chkwtmp [options]
        -w wtmp         wtmp filename
        -t              Print unformatted timestamps

DESCRIPTION

chkwtmp is able to log most of the typical zap wtmp utilities (everything
i've seen).  The typical zap program relies on using only the current
session logs and does no furthur processing after session completion, even
though the wtmp logs have init logs logout entries.


Silvio Cesare, <silvio () rocknet net au>
ftp://ftp.rocknet.net.au/pub/silvio/

Current thread:

Re: cfingerd vulnerability, (continued)
- - - Re: cfingerd vulnerability Edward S. Marshall (May 24)
    - Re: cfingerd vulnerability Ken Hollis (May 24)
    - Re: cfingerd vulnerability Alan Brown (May 25)
    - Re: cfingerd vulnerability Michael Stone (May 25)
    - winnuke in one line of perl5.004 Randal Schwartz (May 25)
    - Re: cfingerd vulnerability Felix von Leitner (May 25)
  - Irix buffer overflow in /bin/df David Hedley (May 24)
    - Re: Irix buffer overflow in /bin/df J.A. Gutierrez (May 24)
    - Irix: Pandora's box opened Yuri Volobuev (May 24)
    - BitchX p139 script the lerPer (May 24)
    - ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linux) Silvio Cesare (May 25)
    - Re: ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linu Byron COLLIE (May 26)
    - ANNOUNCE: riputils (Linux) Silvio Cesare (May 25)
    - Re: Irix buffer overflow in /bin/df Lamont Granquist (May 28)