Sabin Iacob wrote:
| exotic4 / # lastcomm --user=root
| A) root ?? 0.10 secs Thu Jan 1 02:16
| A) root ?? 0.10 secs Thu Jan 1 02:16
| A) root ?? 0.10 secs Thu Jan 1 02:16
| A) root ?? 0.10 secs Thu Jan 1 02:16
| [lots of similar crap]
| exotic4 / # sa
|   4800 3659164.93re 0.83cp 437avio 0k
|   4606 3542126.80re 0.53cp 445avio 0k ***other*
|   177 104033.60re 0.29cp 223avio 0k A)*
|   3 1439.87re 0.01cp 224avio 0k V'*
|   8 6454.67re 0.00cp 471avio 0k
|   6 5110.00re 0.00cp 291avio 0k
|
| wtf? Reinstalled acct, stopped accounting, deleted /var/account/pacct and
| started it again, same $hit... Gentoo, kernel 2.6.10-nitro2 with BSD process
| accounting enabled, acct-6.3.5. Could they have changed the pacct format
| (if I look at it with a text viewer I can see program names in there, but
| I'm too lazy to start writing a program to dig through it)? wtmp is ok, last
| reports things correctly... chkrootkit and lsat find nothing, nmap
| from another machine finds no stray open ports (ones I don't know about,
| that is), no new users have appeared, etc.; in other words it's unlikely
| that I'm infested... suggestions?
|
nevermind... RTFM is useful sometimes:

CONFIG_BSD_PROCESS_ACCT_V3:
  If you say Y here, the process accounting information is written
  in a new file format that also logs the process IDs of each
  process and it's parent. Note that this file format is incompatible
  with previous v0/v1/v2 file formats, so you will need updated tools
  for processing it. A preliminary version of these tools is available
  at <http://www.physik3.uni-rostock.de/tim/kernel/utils/acct/>.

---
Details about our mailing lists: http://www.lug.ro/

--
I haven't lost my mind -- it's backed up on tape somewhere.
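The format mismatch described in the kernel help text can be confirmed from the file itself, because every record carries a version byte. The following is an added example, not code from the original post or from the acct tools: a minimal reader for the 64-byte `struct acct_v3` layout in `<linux/acct.h>`. The function names and the sample record are constructed for illustration.

```python
import struct

# struct acct_v3 (<linux/acct.h>), 64 bytes, written in the host's byte order:
# flag, version, tty, exitcode, uid, gid, pid, ppid, btime, etime (float),
# 8 x comp_t (utime, stime, mem, io, rw, minflt, majflt, swaps), comm[16]
ACCT_V3 = "BBHIIIIIIf8H16s"
ACCT_BYTEORDER = 0x80          # set in ac_version by big-endian writers
RECORD_SIZE = struct.calcsize("<" + ACCT_V3)   # 64

def comp_t(c):
    """Decode comp_t: 13-bit mantissa with a 3-bit base-8 exponent."""
    return (c & 0x1FFF) << (3 * (c >> 13))

def parse_pacct(data):
    """Yield one dict per record; refuse anything that is not version 3."""
    if len(data) % RECORD_SIZE:
        raise ValueError("pacct data is not a whole number of records")
    for off in range(0, len(data), RECORD_SIZE):
        version = data[off + 1]
        if version & 0x7F != 3:
            raise ValueError(
                f"record at offset {off}: version {version & 0x7F}, not v3")
        order = ">" if version & ACCT_BYTEORDER else "<"
        f = struct.unpack_from(order + ACCT_V3, data, off)
        yield {
            "comm": f[18].split(b"\0", 1)[0].decode("ascii", "replace"),
            "flag": f[0], "exitcode": f[3],
            "uid": f[4], "gid": f[5], "pid": f[6], "ppid": f[7],
            "btime": f[8],               # process start, seconds since epoch
            "etime": f[9],               # elapsed time, accounting clock ticks
            "utime": comp_t(f[10]), "stime": comp_t(f[11]),
        }

# Constructed sample: one little-endian v3 record, PID 4242, parent PID 1.
SAMPLE = struct.pack("<" + ACCT_V3, 0, 3, 0, 0, 0, 0, 4242, 1, 1105366573,
                     10.0, 5, (1 << 13) | 100, 0, 0, 0, 0, 0, 0, b"lastcomm")

if __name__ == "__main__":
    for rec in parse_pacct(SAMPLE):
        print(rec)
```

Pointing `parse_pacct` at the raw contents of `/var/account/pacct` either yields records with sane PIDs and command names or fails on the version check, which separates a tooling mismatch from a damaged or tampered file.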
