SUMMARY: Another utmpx parser besides last

From: Keith Resar (3fcb85eee6f3a@heavyk.org)
Date: Mon Feb 07 2005 - 17:20:13 EST

• Next message: Dave Martini 1: "SUMMARY: Changing NIS+ root password"
• Previous message: Robert: "Network time protocol"
• In reply to: Keith Resar: "Another utmpx parser besides last"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Apparently the hostname information is recorded at login if
available, otherwise the IP is recorded. Therefore, if a reverse
DNS lookup succeeded then there is no way to access to the IP
address of the connecting system after the fact.

> Does anyone know of a script/tool to parse the utmpx file from a
> Solaris 8 system besides last?
>
> We're trying to do some auditing after a possible compromise but
> last does a lookup on the src IP address so we're getting a bum
> domain name rather then something more useful.
>
>
> Thanks for any pointers.
> Keith.
>
> --
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers

-- 
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Dave Martini 1: "SUMMARY: Changing NIS+ root password"
• Previous message: Robert: "Network time protocol"
• In reply to: Keith Resar: "Another utmpx parser besides last"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:08 EDT