"last root" shows root login using tty terminal from different user machines

Mahesh Shinde maheshas at yahoo.com
Sun Apr 17 10:53:46 MDT 2005


Dear all,

I installed Red Hat Linux Advanced Server 2.1
last week. Users are logging in to this server without any
problem.

The problem I am facing is that when I run the "last root"
command I get the following output.

root pts/3 Fri Apr 15 20:02 - 20:25 (00:23)
> root tty2 user1-lnx.stp. Fri Apr 15 19:55 - 20:47 (00:52)
root pts/8 Fri Apr 15 18:12 - 19:29 (01:17)
root pts/5 Fri Apr 15 18:10 - 18:14 (00:03)
root pts/18 Fri Apr 15 17:35 gone - no logout
root pts/8 Fri Apr 15 17:34 - 18:12 (00:37)
root pts/7 Fri Apr 15 17:34 - 16:11 (22:37)
root :0 Fri Apr 15 17:34 - 16:11 (22:37)
root pts/8 10.0.0.1 Fri Apr 15 17:32 - 17:32 (00:00)
> root tty1 user2-w2p Fri Apr 15 14:39 - 17:33 (02:54)
> root tty3 user3-w2p Wed Apr 13 10:41 - 10:59 (00:18)
> root tty2 Wed Apr 13 10:28 - 10:59 (00:30)
> root tty1 Wed Apr 13 10:14 - 10:59 (00:44)

The lines marked above with ">" are root logins from the
user1, user2 and user3 machines, and the last 2 lines show no
hostname.

According to the users, they have not logged in as root, since they
don't have the root password.

Can anybody tell me the reason for this "last" log
output?

After running chkrootkit I get the following error.

Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
! RUID PID TTY CMD
! root 1912 tty4 /sbin/mingetty tty4
! root 1913 tty5 /sbin/mingetty tty5
! root 1914 tty6 /sbin/mingetty tty6
! root 26571 tty3 /sbin/mingetty tty3
! root 5641 tty1 /sbin/mingetty tty1
! root 16316 tty2 /sbin/mingetty tty2
chkutmp: nothing deleted

What is this mingetty?

/var/log/messages are missing for those root login
periods.


Please help me in solving this problem.


Regards,
Mahesh





More information about the PLUG mailing list