Subject: Re: HELP! someone is in my NetBSD box!
To: Niels S.Eliasen <nse@ruc.dk>
From: Jaka Jejcic <jj@gnorw.net>
List: port-macppc
Date: 04/09/2004 00:28:16
Well, I don't know about make, but lastlog has probably 
been just rotated and now includes only the latest logins.

Is make still running??? Try fstat to check which files it operates on.

jj



On Fri, Apr 09, 2004 at 12:17:33AM +0200, Niels S.Eliasen wrote:
> Ok...
> so let's assume that I am just hysterical ... (;-)) or late at night and 
> tired... ...
> how come a "make" appears for no apparent reason... ??
> 
> and no entries in the lastlog ... not even my own which should have 
> been ... or am I totally off on a tangent...(once again!) ....??
> 
> On 8/4-2004, at 23.27, Jaka Jejcic wrote:
> 
> >I really think there is nothing wrong with your comp.
> >toor is a completely normal account found on all default NetBSD systems.
> >It is a UID 0 account but with a Bourne shell set as default.
> >lastlogx also is normal for a NetBSD system.
> >Let's go back to that make... it is the only problem not solved yet.
> >
> >jj
> >
> >On Thu, Apr 08, 2004 at 11:17:21PM +0200, Niels S.Eliasen wrote:
> >>The lastlog was renamed on the 22-jan-2004 to lastlogx ....
> >>And the "busy" passwd file I got rid of by using "vipw" as opposed to
> >>"passwd root"
> >>Which .... incidentally revealed a new user "toor" (root backwards)
> >>
> >>On 8/4-2004, at 22.41, Jaka Jejcic wrote:
> >>
> >>>On Thu, Apr 08, 2004 at 10:22:02PM +0200, Niels S.Eliasen wrote:
> >>>>Have taken ethernet off, done....
> >>>>Well... looks like the guy has had one h... of a time... the system was
> >>>>by-the-looks of it compromised the 22-Jan-2004... at that time the
> >>>>accounting file got wiped... and apparently the super user has this
> >>>>entry "Charlie &" in the comment field and daemon has "the devil
> >>>>himself" .....
> >>>
> >>>Well 'Charlie &' and 'The devil himself' are usual names for 'root' and
> >>>'daemon'.
> >>>What should by-the-look of it mean? How do you tell it was 
> >>>22-Jan-2004?
> >>>Maybe it was just a busy password file?
> >>>
> >>>jj
> >>>
> >>>
> >>
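A small triage helper for the checks discussed in this thread (listing UID 0 accounts in passwd, noting that toor is stock on NetBSD, and running fstat against any live make process). This is an added example, not a script from the original posts; it assumes a NetBSD host with fstat(1) -p, ps(1) -o and /var/log/lastlogx.

```shell
#!/bin/sh
# Added triage helper for the situation in this thread (not from the
# original posts). Assumes NetBSD: fstat(1) with -p, ps(1) with -o,
# and /var/log/lastlogx. Pass --run to execute the live checks; the
# functions can also be sourced and used one at a time.

# Print every account whose UID field is 0 in the given passwd file.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# toor is a stock UID 0 account on a default NetBSD system (as the thread
# says), so only report UID 0 accounts other than root and toor.
unexpected_uid0() {
    uid0_accounts "$1" | grep -v -x -e root -e toor || true
}

# For each running process with the given command name, list the files it
# holds open (jj's suggestion: "Try fstat to check which files it operates on").
open_files_of() {
    ps -ax -o pid= -o comm= | awk -v name="$1" '$2 == name { print $1 }' |
    while read -r pid; do
        echo "== $1 pid $pid =="
        fstat -p "$pid"
    done
}

triage() {
    echo "# UID 0 accounts in /etc/passwd:"
    uid0_accounts /etc/passwd
    echo "# UID 0 accounts other than root/toor (expect none):"
    unexpected_uid0 /etc/passwd
    echo "# lastlogx modification time (was it just rotated?):"
    ls -l /var/log/lastlogx
    echo "# files held open by any running make:"
    open_files_of make
}

case "${1:-}" in
    --run) triage ;;
esac
```

Run it as `sh triage.sh --run` on the affected host; the passwd functions also accept a copied passwd file, so they can be pointed at an image taken after the machine was disconnected.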