Bugtraq mailing list archives

Re: wtmpx utility for solaris


From: mikael () Katedral SE (Mikael Brandstrom)
Date: Tue, 31 Mar 1998 13:10:11 +0200


On Mon, 30 Mar 1998, Ryan wrote:

There seems to be a problem with the tmpx file for Solaris.  Doesn't log
the full IPs of the users logging in, it truncates it somehow.  Therefore,
the 'last' utility is practically useless when trying to track down someone.

The wtmpx file logs the full data and doesn't truncate anything.  I
could not find a utility that viewed the wtmpx file.  So, I wrote a quick
one.  It has come in very handy.  I have attached the source code that I
wrote.

Just wondering, what is the difference compared with last (if you
disregard that last only prints some of the information logged)?

At least last reads wtmpx
$ truss last
<lot of lines>
open("/var/adm/wtmpx", O_RDONLY)                = 3
<another lot of lines>

It seems like Solaris uses wtmpx for the continuous logging. wtmp is used
for the accounting system, and is removed every night if accounting is
running.

// M
---
This signature ought to be left blank, but is not.
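
Added example (not part of the original message, and not the utility Ryan attached): a minimal reader that prints every login record in a wtmpx-format file with the complete ut_host field, which is the information the thread says last does not show in full. It assumes the file was written on the same platform the program is compiled on, since it reads the native struct utmpx; the function names and the sample record values are constructed for illustration.

```c
/* Added example: dump login records from a wtmpx-format file, host in full. */
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <utmpx.h>

/* Print each USER_PROCESS record; return the number printed, -1 on error. */
int dump_wtmpx(const char *path, FILE *out)
{
    struct utmpx ut;
    int logins = 0;
    FILE *f = fopen(path, "rb");
    if (f == NULL) return -1;
    while (fread(&ut, sizeof ut, 1, f) == 1) {
        if (ut.ut_type != USER_PROCESS) continue;   /* skip boot, logout, ... */
        time_t t = (time_t)ut.ut_tv.tv_sec;
        char when[32] = "?";
        struct tm *tm = localtime(&t);
        if (tm != NULL) strftime(when, sizeof when, "%Y-%m-%d %H:%M:%S", tm);
        /* Fields are fixed-size and may lack a trailing NUL: bound every %s. */
        fprintf(out, "%-12.*s %-12.*s %s %.*s\n",
                (int)sizeof ut.ut_user, ut.ut_user,
                (int)sizeof ut.ut_line, ut.ut_line, when,
                (int)sizeof ut.ut_host, ut.ut_host);
        logins++;
    }
    fclose(f);
    return logins;
}

/* Write two constructed records (one login, one non-login) for a dry run. */
int write_sample(const char *path)
{
    struct utmpx ut;
    FILE *f = fopen(path, "wb");
    if (f == NULL) return -1;
    memset(&ut, 0, sizeof ut);
    ut.ut_type = USER_PROCESS;
    strncpy(ut.ut_user, "alice", sizeof ut.ut_user - 1);
    strncpy(ut.ut_line, "pts/3", sizeof ut.ut_line - 1);
    strncpy(ut.ut_host, "workstation-17.lab.example.com", sizeof ut.ut_host - 1);
    ut.ut_tv.tv_sec = 891342611;                    /* constructed timestamp */
    fwrite(&ut, sizeof ut, 1, f);
    memset(&ut, 0, sizeof ut);
    ut.ut_type = DEAD_PROCESS;                      /* must not be printed */
    fwrite(&ut, sizeof ut, 1, f);
    return fclose(f);
}

int main(int argc, char **argv)
{ return dump_wtmpx(argc > 1 ? argv[1] : "/var/adm/wtmpx", stdout) < 0; }
```

Run without arguments it reads /var/adm/wtmpx, the path seen in the truss output above; pass another path to read a saved copy.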


