SUN solaris hacked [Request]

  • Thread starter: E&E

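Several of our machines have been hacked over the past few days, and I don't know how to deal with it. OS is 9. No firewall installed.
Are there any log files or the like that I can look at? Any software?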
 
The finger command displays information about local and remote users.
Log files are located under /var.
 
Re: Re: SUN solaris hacked [Request]

There is a file, /var/adm/utmp or /var/adm/wtmp, that records all users' account information. The utmp man page shows its structure. I think the following lines can be used in the code:
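#include <stdio.h>
#include <utmp.h>   /* struct utmp, WTMP_FILE */
int main(void)
{
    FILE *fp = fopen(WTMP_FILE, "rb");
    struct utmp u;
    if (fp == NULL) { perror(WTMP_FILE); return 1; }
    while (fread(&u, sizeof(u), 1, fp) == 1) {
        // For each entry check whatever you want
        // Or get the clue you are interested in
    }
    fclose(fp);
    return 0;
}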
 