[CentOS] odd entries in logwatch

Venom User wubba at ViperShells.com
Wed Mar 22 14:34:23 UTC 2006



|-----Original Message-----
|From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On
|Subject: [CentOS] odd entries in logwatch
|
|
|I am concerned about these entries reported this morning in the 
|logwatch from one of our servers running CentOS4-2.  Before I 
|invest a lot of time and effort tracking this down I wonder if 
|anyone here recognizes what is going on and why these entries 
|exist.
|
|These are sealed servers with no local user accounts beyond those 
|needed by system and application software.  Login authentication is 
|primarily by SSL certificate, however ssh password logins for 
|certain backdoor accounts are enabled as a fallback.  There are no 
|records of unexpected logins via ssh or by userids not customarily 
|associated with routine maintenance.  Telnet is disabled.  Only 
|anonymous ftp is the permitted and that service is provided by 
|vsftpd. The only thing that I can bring to mind that might account 
|for these records internally is that yesterday we ran "yum update" 
|on this machine.  Might the update account for this trace?
|
|
|> Changed users GID:    mailman: 41 -> 41
|> 
|> **Unmatched Entries**
|
|> usermod[25137]: change user `mailman' shell from `/sbin/nologin'
|> to `/sbin/nologin' 
|
|> usermod[25150]: change user `gdm' shell from `/sbin/nologin' to
|> `/sbin/nologin' 
|
|... much sendmail stuff
|
|-------------------- SSHD Begin ------------------------ 
|
|
|SSHD Killed: 2 Time(s)
|
|SSHD Started: 2 Time(s)
|
|Failed to bind:
|   0.0.0.0 port 22 (Address already in use) : 2 Time(s)
|
|Users logging in through sshd:
|   xxxxxxx:
|      inet05.hamilton.harte-lyne.ca (216.185.71.25): 1 time
|
| ---------------------- SSHD End ------------------------- 
|
| --------------------- vsftpd-messages Begin ------------------------ 
|
|
|Failed FTP Logins:
| (81.57.169.170): anonymous - 9 Time(s)
| (83.170.32.48): anonymous - 7 Time(s)
| (80.194.231.91): anonymous - 9 Time(s)
|
| ---------------------- vsftpd-messages End ------------------------- 
|Regards,
|Jim


	Jim,

		That is the result of the recent updates made available.
	Automatic yum update? or manual update recently?

	Brian.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2946 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20060322/67137db3/smime.bin


More information about the CentOS mailing list