I'm on a Sun 4/390 running SunOS 4.0.3. Earlier this morning, I
began to notice some peculiarities on the system which eventually
led me to type in the command 'whoami'. The response was the terse
reply, 'Intruder alert.'.
It turns out a priveledged 'somebody' in the lab had copied a file
over /etc/passwd. Fortunately, we keep a current copy online, so no
great damage was done.
But now I'm curious about where this message originates from. I did
a 'strings' on /usr/ucb/whoami, /usr/etc/inetd, and everything in
/usr/lib, but couldn't find it.
Does anybody know the orgins and background of this message? I'm
considering suing somebody over all the coffee I spilled on my
(just joking, please, no lawyers...)