[Systems] Sunjammer "test" user
Bernie Innocenti
bernie at codewiz.org
Mon Apr 4 10:26:54 EDT 2016
On 04/04/16 09:40, Samuel Cantero wrote:
> # test, People, sugarlabs.org <http://sugarlabs.org>
> dn: uid=test,ou=People,dc=sugarlabs,dc=org
> uid: test
> cn: Test
> sn: Test
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> *mail: als-at at yandex.ru <mailto:als-at at yandex.ru>*
> displayName: Test
No shell? Odd. And no entry in the lastlog either.
>From the record ID in ldap, it looks like the user has been there fore a
long time.
Moreover, the wtmp and btmp files show signs of having been tampered
with (note the dates):
sunjammer:/var/log# ll wtmp*
-rw-rw-r-- 1 root utmp 375K Apr 4 10:19 wtmp
-rw-rw-r-- 1 root root 617K Jun 1 2015 wtmp-20141201
-rw-rw-r-- 1 root root 1023K Jun 1 2015 wtmp-20150601
-rw-rw-r-- 1 root utmp 29K Dec 31 19:07 wtmp-20160101.xz
sunjammer:/var/log# ll btmp*
-rw-rw---- 1 root utmp 7.2M Apr 4 08:29 btmp
-rw-rw---- 1 root utmp 32 Sep 1 2014 btmp-20141001.xz
-rw-rw---- 1 root utmp 32 Oct 1 2014 btmp-20141101.xz
-rw-rw---- 1 root utmp 32 Nov 1 2014 btmp-20141201.xz
-rw-rw---- 1 root utmp 32 Dec 1 2014 btmp-20150101.xz
-rw-rw---- 1 root utmp 32 Jan 1 2015 btmp-20150201.xz
-rw-rw---- 1 root utmp 32 Feb 1 2015 btmp-20150301.xz
-rw-rw---- 1 root utmp 32 Mar 1 2015 btmp-20150401.xz
-rw-rw---- 1 root utmp 32 Apr 1 2015 btmp-20150501.xz
-rw-rw---- 1 root utmp 32 May 1 2015 btmp-20150601.xz
-rw-rw---- 1 root utmp 32 Jun 1 2015 btmp-20160101.xz
--
_ // Bernie Innocenti
\X/ http://codewiz.org
More information about the Systems
mailing list