Posted by busfault on Sun 4 Feb 2007 at 19:40
Tags: none.
I have used Linux for a while now, though I have yet to learn all of the intricacies of system administration. I occasionally run `uptime` to see my loads, how long my system has been up, and how many users are on. Now this has me puzzled because I was the only one logged onto my machine, yet it shows up as 2 users. `uptime` reports:
```
Valhalla:/etc# uptime
 14:16:55 up 122 days, 21:55,  2 users,  load average: 1.00, 1.09, 1.22
```
The load averages are high since I am running dnetc on the system. `users` reports:
```
root
```
`who -q` gives:
```
root
#users=1
```
`who -a` gives:
```
                        Oct  4 17:16                 8 id=si    term=0 exit=0
           system boot  Oct  4 17:16
           run-level 2  Oct  4 17:16                   last=S
                        Oct  4 17:17               669 id=l2    term=0 exit=0
           pts/0        Feb  4 13:17             17924 id=ts/0  term=0 exit=0
LOGIN      tty1         Oct  4 17:17              1075 id=1
LOGIN      tty2         Oct  4 17:17              1076 id=2
root     - ttyS0        Feb  4 13:18   .         18504
           pts/1        Feb  4 09:12             11977 id=ts/1  term=0 exit=0
           pts/2        Jan 27 20:51             17867 id=ts/2  term=0 exit=0
           pts/2        Jan 27 19:56             17660 id=p2    term=0 exit=2
```
Also, I have my serial console set up to have a login display of:
```
Connected to \n on \l at \bbaud
/==========================================\\
|Machine information:                      |
|OS:     \s \r                      |
|Kernel: \v   |
|Arch:   \m                              |
|\U logged in.                         |
\\==========================================/

\d \t (EST)
```
Where the `\U` is showing '1 user' (when there isn't any other login that I know of). Looking at netstat shows no remote machines connected. I'd prefer not to reboot my system; is there a way to figure this out? Should I be concerned that my machine is compromised? Could there be a process that is making it seem like a user is connected? If I was logged on and the connection was lost and programs were running, could this also be the case?