Subject: Re: HELP! someone is in my NetBSD box!
To: None <port-macppc@netbsd.org>
From: Niels S.Eliasen <nse@ruc.dk>
List: port-macppc
Date: 04/09/2004 00:17:33
Ok...
so let's assume that I am just hysterical ... (;-)) or late at night and
tired... ...
how come a "make" appears for no apparent reason... ??

and no entries in the lastlog ... not even my own which should have
been  or am I totally off on a tangent...(once again!) ....??

On 8/4-2004, at 23.27, Jaka Jejcic wrote:

> I really think there is nothing wrong with your comp.
> toor is a completely normal account found on all default NetBSD systems.
> It is a UID 0 account but with a Bourne shell set as default.
> lastlogx also is normal for a NetBSD system.
> Let's go back to that make... it is the only problem not solved yet.
>
> jj
>
> On Thu, Apr 08, 2004 at 11:17:21PM +0200, Niels S.Eliasen wrote:
>> The lastlog was renamed on the 22-jan-2004 to lastlogx ....
>> And the "busy" passwd file I got rid of by using "vipw" as opposed to
>> "passwd root"
>> Which .... incidentally revealed a new user "toor" (root backwards)
>>
>> On 8/4-2004, at 22.41, Jaka Jejcic wrote:
>>
>>> On Thu, Apr 08, 2004 at 10:22:02PM +0200, Niels S.Eliasen wrote:
>>>> Have taken ethernet off, done....
>>>> Well... looks like the guy has had one h... of a time... the system was
>>>> by-the-looks of it compromised the 22-Jan-2004... at that time the
>>>> accounting file got wiped... and apparently the super user has this
>>>> entry "Charlie &" in the comment field and daemon has "the devil
>>>> himself" .....
>>>
>>> Well 'Charlie &' and 'The devil himself' are usual names for 'root'
>>> and 'daemon'.
>>> What should by-the-look of it mean? How do you tell it was
>>> 22-Jan-2004?
>>> Maybe it was just a busy password file?
>>>
>>> jj
>>>
>>>
>>
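
Added example, not part of the thread: a triage check for the UID 0 question discussed above, listing every UID 0 entry in a master.passwd-format file and flagging anything other than root and toor. It assumes the NetBSD master.passwd field layout and that a stock toor entry carries `*` in its password field; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). master.passwd fields:
# name:passwd:uid:gid:class:change:expire:gecos:home:shell

# audit_uid0 FILE -> one finding per line, no output if nothing stands out.
audit_uid0() {
    awk -F: '
        /^#/ || NF != 10 { next }   # skip comments and malformed lines
        $3 !~ /^0+$/     { next }   # keep UID 0 only ("00" also parses as 0)
        $1 != "root" && $1 != "toor" {
            print "UNEXPECTED uid0 account: " $1 " (shell " $10 ")"; next
        }
        # Assumption: the stock toor entry is locked with "*".
        $1 == "toor" && $2 != "*"        { print "CHECK toor: password field is not *" }
        # The thread describes toor as using the Bourne shell.
        $1 == "toor" && $10 != "/bin/sh" { print "CHECK toor: shell is " $10 }
    ' "$1"
}

# write_sample FILE -> constructed sample data, not taken from any real system.
write_sample() {
    cat > "$1" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:constructed entry:/root:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
admin2:*:0:0::0:0:constructed extra account:/tmp:/bin/csh
EOF
}

# Run as "sh script.sh demo" to see the findings for the constructed sample.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    write_sample "$tmp"
    audit_uid0 "$tmp"
    rm -f "$tmp"
fi
```

On a live system the input would be a copy of /etc/master.passwd, compared against a copy from known-good install media rather than judged by this baseline alone.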