On Wed, 2007-01-03 at 16:49 +0100, Dominique Leuenberger wrote: > Hi, > > >>> Reply on 03-01-2007 17:46:56 <<< > > > Hi All, > > > > This is actually a two part question. a) Is there a 100% > proof-positive > > way to > > determine if someone has previously broken into a system via ssh... > > before > > remote root logins were disabled and a weak password replaced... and > b) > > how > > do I correct the apparent inability of 'who', given any parameters, > to > > return > > something more informative than just a prompt? > > to be sure that 'who' is the program you expect, I would first try to > rpm -q --verify coreutils > (this will give some output in case some files out of coreutils, to > which 'who' belongs, were modified. > > In case I would STILL be in doubt (so the above command did not give > any output), you can always post the md5sum of your who binary and let > it compare by somebody else.
554dd55cc223db9293f056da85ca1891 /usr/bin/who is from my 10.0 32bit system -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
