[NCLUG] Two easy? security questions...

Matt Clauson mec at dotorg.org
Mon Sep 4 13:07:12 MDT 2000


On Mon, Sep 04, 2000 at 06:48:52PM +0000, dobbster wrote:
> Hi Matt,
> 
> > First question...  For reference, what Distro are you running?
> 
> Mandrake 6.2.

Bring the CDs to the meeting tomorrow.  We'll install it on the second
partition on my laptop and figure it out.

> > Second:  Have you tried running 'find / -name 'btmp' -print' and seeing if
> > there are any more copies of that file out there?
> 
> Yes...  There is only one copy.
> 
> > Third:  Even though the manpage says btmp, on my Debian 2.2 box here, the
> > failed attempts are stored in /var/log/faillog, NOT /var/log/btmp.  When
> > I run a find on it, in fact, I am told that no file named btmp exists.  Of
> > course, that breaks the functionality of lastb....  when I link
> > /var/log/faillog to /var/log/btmp, however...  it seems to click again.
> 
> Interesting.  I wasn't aware of faillog; I read the man page.  I did
> attempt what you suggested, creating /var/log/faillog, and linking it to
> /var/log/btmp.  Still, the log files remain empty.

Yeah, the Debian manpages don't reference faillog either, but that's where it
is, oddly enough.  Something you might try doing is performing a 'bad login'
and then doing a search for files modified in, say, the past 15 minutes,
using the find command.  You may be able to find the file by process of
elimination that way.

Also, on a meeting-related topic:  Sean, I'm still planning to bring that
video projector to the meeting.  Drop me a note offlist if this needs to
change.

--Matt, the flunky
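
The process-of-elimination search suggested in the message above, as an added example that is not part of the original post: instead of a fixed 15-minute window it drops a marker file just before the failed login and lists only files written after it. The function names, the marker file and the default search directories (/var and /etc) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): find which file a failed
# login writes to, by listing files modified after a reference marker.

# changed_since REF DIR...
# Print regular files under DIR(s) whose mtime is newer than REF's mtime.
# /proc and /sys are pruned so a search from / is not flooded with noise.
changed_since() {
    ref=$1
    shift
    find "$@" \( -path /proc -o -path /sys \) -prune -o \
        -type f -newer "$ref" -print 2>/dev/null | sort
}

# hunt_failed_login_log [DIR...]
# Interactive wrapper: create the marker, wait for the operator to make one
# bad login on another console, then show what changed. Run as root so the
# log directories are readable.
hunt_failed_login_log() {
    [ $# -gt 0 ] || set -- /var /etc      # assumed default search scope
    marker=$(mktemp) || return 1
    sleep 1                               # later writes get a strictly newer mtime
    printf 'Make one failed login on another console, then press Enter: '
    read -r reply
    changed_since "$marker" "$@"
    rm -f "$marker"
}

# Only run the interactive part when asked to, e.g.: sh hunt.sh --hunt /var/log
if [ "${1:-}" = "--hunt" ]; then
    shift
    hunt_failed_login_log "$@"
fi
```

Files such as syslog output will also appear in the list; repeating the run without a failed login shows which entries are background noise.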


