Category: LINUX

2006-01-19 02:07:02

I ran who and was surprised to find N root sessions on the system. Yikes!
Output of last | tac:
[root@localhost log]# last | tac
root     pts/3                         Sun Jan 15 18:17 - 18:17  (00:00)
root     pts/3        :2.0             Sun Jan 15 18:17 - 23:12 (2+04:54)
root     pts/6                         Sun Jan 15 18:28 - 18:28  (00:00)
root     pts/6        :4.0             Sun Jan 15 18:28 - 23:12 (2+04:44)
[root@localhost log]# who
root     pts/2        Jan 15 18:06 (:1.0)
root     pts/4        Jan 15 18:09
root     pts/5        Jan 15 18:10 (:1.0)
root     pts/3        Jan 15 18:17 (:2.0)
root     pts/6        Jan 15 18:28 (:4.0)
I looked around and found nothing abnormal.
A Google search turned up the following; fortunately it is nothing serious:
who command shows more users than actually exist?
Often this means that your utmp file is corrupted.  When files like
that go bad, different commands interpret them differently.
Most likely, because there's something in some of your login/logout
procedures that corrupts the file sometimes.
Can I simply delete utmp?  Will it recreate itself?
Just truncate it to size zero.
> /var/run/utmp
who
No more output.
After logging in again, everything was back to normal.
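
Truncating utmp clears every entry, real or stale, so it is worth confirming first that the extra root sessions are leftovers and not live logins. The following Python script is an added example, not part of the original post: it parses utmp records and reports the sessions whose login process no longer exists. It assumes the 384-byte glibc record layout of Linux x86/x86-64; the function names are hypothetical and the sample records are constructed.

```python
import os
import struct

# glibc struct utmp on Linux x86/x86-64: 384 bytes per record (assumed layout).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type of a logged-in session

def pid_alive(pid):
    """True if the process exists; signal 0 only probes, nothing is sent."""
    if pid <= 0:
        return False
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but owned by another user
    return True

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_utmp(data):
    """Yield (user, line, host, pid) for each USER_PROCESS record."""
    usable = len(data) - len(data) % UTMP.size  # skip a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        if f[0] == USER_PROCESS:
            yield cstr(f[4]), cstr(f[2]), cstr(f[5]), f[1]

def stale_sessions(data, alive=pid_alive):
    """Entries that who would list although their login process is gone."""
    return [s for s in parse_utmp(data) if not alive(s[3])]

def make_record(user, line, host, pid, ut_type=USER_PROCESS):
    """Build one constructed record (sample data only)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0, b"")

if __name__ == "__main__":
    # Constructed sample; on a live host read /var/run/utmp in "rb" mode.
    # 2**22 + 1 is above Linux's largest pid_max, so that pid cannot exist.
    data = (make_record("root", "pts/2", ":1.0", os.getpid())
            + make_record("root", "pts/3", ":2.0", 2**22 + 1))
    for user, line, host, pid in stale_sessions(data):
        print(f"stale: {user} {line} ({host}) pid {pid} is not running")
```

An entry whose pid is still running is a session that needs an explanation, not a truncation.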
 
> root       169  0.0  0.5  1148  644 ?        S    08:23   0:00 /sbin/rpc.statd

Do you use NFS?  If not, get rid of this.

> root       193  0.0  0.4  1300  552 ?        S    08:23   0:00 /usr/sbin/inetd

I assume you use this for telnet and FTP.  Make sure other services are
commented out in /etc/inetd.conf. 

> root       201  0.0  0.4  1352  560 ?        S    08:23   0:00 /usr/sbin/lpd

Do you print from this machine?  If not, get rid of this.

> nobody     256  0.0  2.0  3616 2596 ?        S    08:23   0:00 /usr/bin/X11/xfs-xtt -user nobody

Don't really need font serving on a colo box.

> root       260  0.0  1.2  1556 1548 ?        SL   08:23   0:00 /usr/sbin/ntpd

Do you use this?  I think it's for time synchronization serving, though
it might be a client.  Maybe try rdate if you just need a client. 

> daemon     265  0.0  0.4  1140  544 ?        S    08:23   0:00 /usr/sbin/atd

If you don't use this, get rid of it.  Malicious users can schedule
tasks for when they're not logged in. 

Just a couple thoughts on ways to tighten things.
