El Viernes, 20 de Abril de 2007 22:42, Mike Wright escribió: > Hi all, > > There is a mystery user on a remote system that I can't identify. I > want to be sure that it's not an uninvited guest :( If anybody is > willing to help I'd be most aprpreciative. > > Running fc6, but I don't thinks it's relevant, although it may be. > > The box is at a remote location and I access it via ssh. When I run > "top" it shows 2 users, but when I run "who" it shows only one, me, from > my remote location. > > At first I thought it might have been a left open login on one of the > mingetty's so I disabled them all in inittab and changed runlevels from > 3 to 4 and saw that all the mingetty's were gone (I think that should > logout anybody on one of those), then returned to runlevel 3 and re-ran > "top". Still 2 users. > > I don't think it can be anybody left over from a previous runlevel 5. > > I ran "ps auxf" and went over it line by line and couldn't find any > other bash sessions than my current remote login on pts/0. > > Anybody know how to identify the second user shown by top? > > I'm very paranoid about hackers/owners/skiddies and this definitely has > my ears perked up. > > Thanks in advance for any tips or ideas, > Mike Wright :m) What lastlog says? What about cat /var/log/secure? -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.