Re: wtmp filling up fast... What are these entries?

---

• From: Enrique Sanchez Vela <esanchezvela@xxxxxxxxx>
• Date: Thu, 17 Aug 2006 16:20:58 -0700

---

disable rsh and see who complains!



--- "Hunter, Mark" <Mark.Hunter@xxxxxxxxxxxxxxxxxx>

Hi Admin'ers



We have a server where the /var/adm/wtmp file is
getting to 8GB over two or
three days.

The user logins to this server are about 10 - 20 per
day. (i.e. via telnet or
ssh)



Does anyone know what these rshnnnnn logins
represent. They seem to be coming
quick and fast!



root pts/1 <server> Aug 16 06:03
still logged in
root rsh1802398 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh2535842 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh1634346 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh2347392 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh2048232 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh2548162 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh2548160 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh2548158 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh1450196 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh901242 <server> Aug 16 06:03 -
06:03 (00:00)
root rsh774594 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh1233046 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh774592 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh2064400 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh815300 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh815298 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh999502 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh2486632 <server> Aug 16 05:48 -
05:48 (00:00)
root rsh1904676 <server> Aug 16 05:48 -
05:48 (00:00



TIA




The information transmitted (including attachments)
is
covered by the Electronic Communications Privacy
Act,
18 U.S.C. 2510-2521, is intended only for the
person(s) or
entity/entities to which it is addressed and may
contain
confidential and/or privileged material. Any review,
retransmission, dissemination or other use of, or
taking
of any action in reliance upon, this information by
persons
or entities other than the intended recipient(s) is
prohibited.
If you received this in error, please contact the
sender and
delete the material from any computer.

Enrique Sanchez Vela
email: esanchezvela@xxxxxxxxx
--------------------------------------
http://www.savetheinternet.com/

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

---

• References:
  • Re: wtmp filling up fast... What are these entries?
    • From: Hunter, Mark

• Prev by Date: Re: Fibre Channel Array Troubles.
• Next by Date: Re: Fibre Channel Array Troubles.
• Previous by thread: Re: wtmp filling up fast... What are these entries?
• Next by thread: FW: Technical Support Bulletin - UNIX
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: tool for creating packets ... You mentioned Perl. ... > between a client and a server. ... > Do You Yahoo!? ... Mail has the best spam protection around ... (Security-Basics) Re: [SLE] Strange NFS Problem ... if you upgrade a machine ... >> Do You Yahoo!? ... Mail has the best spam protection around ... > client and add a new server, put in the server ip address, then try ... (SuSE) /dev/io , /dev/mem : only used by Xorg? ... only shows that Xorg is using these devices. ... I now also have Server PC, that does not run X at all. ... Do You Yahoo!? ... Mail has the best spam protection around ... (freebsd-questions) Re: tool for creating packets ... Juan B wrote: ... >between a client and a server. ... >Do You Yahoo!? ... Mail has the best spam protection around ... (Security-Basics) RE: Blocking Yahoo causing issues with DHCP? ... To make sure your SBS 2003 server have right network configuration. ... I'd like to confirm the deny rule about Yahoo ... What's edition of your ISA? ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > AIX-L  > 2006-08