Board index Unix Questions

strange message from 'whoami'

strange message from 'whoami'

Post by Glenn Popel » Fri, 24 Apr 1992 14:03:49



 I'm on a Sun 4/390 running SunOS 4.0.3. Earlier this morning, I
began to notice some peculiarities on the system which eventually
led me to type in the command 'whoami'. The response was the terse
reply, 'Intruder alert.'.

 It turns out a priveledged 'somebody' in the lab had copied a file
over /etc/passwd. Fortunately, we keep a current copy online, so no
great damage was done.

 But now I'm curious about where this message originates from. I did
a 'strings' on /usr/ucb/whoami, /usr/etc/inetd, and everything in
/usr/lib, but couldn't find it.

 Does anybody know the orgins and background of this message? I'm
considering suing somebody over all the coffee I spilled on my
shirt.  :(          

(just joking, please, no lawyers...)

glenn

 
 
 
Top

strange message from 'whoami'

Post by Kartik Subbar » Fri, 24 Apr 1992 21:45:06



Quote:> I'm on a Sun 4/390 running SunOS 4.0.3. Earlier this morning, I
>began to notice some peculiarities on the system which eventually
>led me to type in the command 'whoami'. The response was the terse
>reply, 'Intruder alert.'.

> But now I'm curious about where this message originates from. I did
>a 'strings' on /usr/ucb/whoami, /usr/etc/inetd, and everything in
>/usr/lib, but couldn't find it.

Scary, isn't it? :-) You have to say "strings - /usr/ucb/whoami" on SunOS
4.0.x to reveal it, but it's there all right.

The new releases (> SunOS 4.1) have a more sane message,
"whoami: no login associated with uid %u".

        -Kartik

--

You have new mail.

 
 
 
Top

strange message from 'whoami'

Post by Roy S. Rapopo » Sat, 25 Apr 1992 01:00:04



Quote:>Scary, isn't it? :-) You have to say "strings - /usr/ucb/whoami" on SunOS
>4.0.x to reveal it, but it's there all right.

Yeah, I didn't have to include the '-', but I found the 'Intruder Alert.'
It's certainly somewhat melodramatic...

But hey, that's nothing...

We have a cluster here of 21 Apollo DN3500/DN4500..

This cluster is maintained by volunteer staffers.  These staffers sometimes
have a twisted sense of humor...

Like,

If your registry entry (like your password line) is unavailable, some
programs will barf and say "You don't exist.  Go Away."

The standard program we had for turning off accounts (it would look in the
person's home directory, and cat .sorry) checked whether it could actually
read the .sorry file.  If it could not, it would say "Technical
Difficulties.  Go Away."

Friendly, aren't we? :-)

 
 
 
Top

strange message from 'whoami'

Post by John Navar » Sat, 25 Apr 1992 05:10:59



Quote:>This cluster is maintained by volunteer staffers.  These staffers sometimes
>have a twisted sense of humor...

>Like,

>If your registry entry (like your password line) is unavailable, some
>programs will barf and say "You don't exist.  Go Away."

        Yeah, otalk (4.2 talk) does this if you don't have a legit entry
in /etc/utmp.  

-tms

--
From the Lab of the MaD ScIenTiST:


 
 
 
Top

1. strange error message when using 'rdist' from 5.0.5

A client has asked that certain data sets be updated across the network on a
nightly basis.  When trying to use rdist to do this (have used this between
5.0.5 and 5.0.5 before), the server machine gets a strange error, which I
cannot find in the SCO TA's, and I cannot see any obvious reason for the
error.  It's as follows:

RemoteMachine: updating host RemoteMachine
RemoteMachine: Created notify temp file '/tmp/rdista0073U'
RemoteMachine: LOCAL ERROR: update: unexpected control record
RemoteMachine: LOCAL ERROR: update: unexpected control record
RemoteMachine: LOCAL ERROR: Lost connection to skg

RemoteMachine: Created notify temp file '/tmp/rdista0073U'
RemoteMachine: updating of RemoteMachine finished

Machines are connected by (*WORKING*) 100mbit network through a Bay Switch.
Can ftp large files across without any errors, so from what I can tell,
networking is not the issue.

The system stats are as follows:

<Local - HP LH, Quad PIII 600>
OS 5.0.5
RS505A
OSS497C
OSS600A
OSS621A
OSS623A
(Intel EtherExpress 10/100 Pro, eeE = 5.0.5e)

<RemoteMachine - DEC ???, Quad PPro 200>
OS 5.0.5
RS505A
OSS497C
OSS600A
OSS621A
OSS623A
(Digital DE500, dcxf = 5.0.5a)
(NOTE: Was upgraded from 5.0.4 to 5.0.5 less than a month ago)

If anybody has any idea's as to what could cause this, I'd appreciate the
input.  I'll keep puttering away at it for now.

Stuart J. Browne
Pro Medicus Technical Support.

2. boot up without a keyboard? Help!!!

3. strange 'DMA disabled' message in 2.4.20-pre5-ac6

4. Please help with my question!

5. 'IRQ timeout' message and 'DMA disabled' with 'ls -l'

6. Alpha PC

7. Kernel messages: ``bad page table'' and ``swap_free: weirdness''

8. test

9. Weird ARP messages in 'messages'

10. Q: why no bootup messages in 'messages' in 1.0?

11. How to: Get rid of login's message (another 'issue' file?)

12. "Can't load library 'foo'" messages

13. Gunzip won't work -'not in gz format' message


All times are UTC
Board index