Hello all,
I have a CentOS 4.2 server that gives me these error messages in my /var/log/secure file. I realise that these are SSH attacks, but where does the extra line "Could not get shadow information for NOUSER" come from? This doesn't make any sense. I have many servers running CentOS 4.2, but don't get this error message on any others. I hate junk in my logs. Is there any way to get rid of it?

Invalid user guest from ::ffff:210.210.4.60
error: Could not get shadow information for NOUSER
Failed password for invalid user guest from ::ffff:210.210.4.60 port 55073 ssh2

Cheers.
-- Scott
On Thursday 06 July 2006 03:46, Scott Taylor wrote:
> Hello all,
> I have a CentOS 4.2 server that gives me these error messages in my /var/log/secure file. I realise that these are SSH attacks, but where does the extra line "Could not get shadow information for NOUSER" come from? This doesn't make any sense. I have many servers running CentOS 4.2, but don't get this error message on any others. I hate junk in my logs. Is there any way to get rid of it?
>
> Invalid user guest from ::ffff:210.210.4.60
> error: Could not get shadow information for NOUSER
> Failed password for invalid user guest from ::ffff:210.210.4.60 port 55073 ssh2

It's a response from the server itself when some script kiddies try to log on to your server using a non-existent username. CMIIW,
On Wed, July 5, 2006 19:47, Fajar Priyanto wrote:
> On Thursday 06 July 2006 03:46, Scott Taylor wrote:
> > Hello all,
> > I have a CentOS 4.2 server that gives me these error messages in my /var/log/secure file. I realise that these are SSH attacks, but where does the extra line "Could not get shadow information for NOUSER" come from? This doesn't make any sense. I have many servers running CentOS 4.2, but don't get this error message on any others. I hate junk in my logs. Is there any way to get rid of it?
> >
> > Invalid user guest from ::ffff:210.210.4.60
> > error: Could not get shadow information for NOUSER
> > Failed password for invalid user guest from ::ffff:210.210.4.60 port 55073 ssh2
>
> It's a response from the server itself when some script kiddies try to log on to your server using a non-existent username. CMIIW,

Uh...yeah, I get that much. So why is it there and how do I get rid of it? It doesn't happen on any other servers that get the same script attacks.
-- Scott
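
Added example, not part of the thread: a small Python summary of /var/log/secure that ties each "Could not get shadow information for NOUSER" line to the invalid-user attempt that produced it, by matching the sshd process ID, and counts failures per source address. The syslog prefix, host name, PIDs, addresses and function names are constructed assumptions; only the three message formats come from the posts above.

```python
import re
from collections import defaultdict

# Constructed sample in /var/log/secure layout (prefix, host, PIDs, addresses are made up).
SAMPLE = """\
Jul  5 12:46:01 host1 sshd[4101]: Invalid user guest from ::ffff:192.0.2.10
Jul  5 12:46:01 host1 sshd[4101]: error: Could not get shadow information for NOUSER
Jul  5 12:46:01 host1 sshd[4101]: Failed password for invalid user guest from ::ffff:192.0.2.10 port 55073 ssh2
Jul  5 12:46:03 host1 sshd[4102]: Invalid user test from ::ffff:192.0.2.10
Jul  5 12:46:03 host1 sshd[4102]: error: Could not get shadow information for NOUSER
Jul  5 12:46:03 host1 sshd[4102]: Failed password for invalid user test from ::ffff:192.0.2.10 port 55110 ssh2
Jul  5 12:47:10 host1 sshd[4110]: Failed password for root from ::ffff:198.51.100.7 port 40022 ssh2
Jul  5 12:48:00 host1 sshd[4120]: Accepted password for scott from ::ffff:192.0.2.99 port 50000 ssh2
""".splitlines()

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
INVALID = re.compile(r"^Invalid user (?P<user>\S+) from (?P<src>\S+)$")
FAILED = re.compile(
    r"^Failed password for (?P<inv>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
NOUSER = "error: Could not get shadow information for NOUSER"

def normalize(src):
    """Strip the IPv4-mapped IPv6 prefix so one host is counted under one key."""
    return src[7:] if src.lower().startswith("::ffff:") else src

def summarize(lines):
    """Return (per-source stats, count of NOUSER lines with no matching attempt)."""
    by_pid = {}  # sshd child PID -> source seen on its "Invalid user" line
    stats = defaultdict(lambda: {"failed": 0, "invalid_users": set(), "nouser": 0})
    orphans = 0
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an sshd line
        pid, msg = m.group("pid"), m.group("msg")
        if (iv := INVALID.match(msg)):
            src = normalize(iv.group("src"))
            by_pid[pid] = src
            stats[src]["invalid_users"].add(iv.group("user"))
        elif msg == NOUSER:
            # The NOUSER line carries no address; recover it through the PID.
            if pid in by_pid:
                stats[by_pid[pid]]["nouser"] += 1
            else:
                orphans += 1
        elif (fp := FAILED.match(msg)):
            src = normalize(fp.group("src"))
            stats[src]["failed"] += 1
            if fp.group("inv"):
                stats[src]["invalid_users"].add(fp.group("user"))
    return dict(stats), orphans
```

A non-zero orphan count means a NOUSER line appeared without an "Invalid user" line from the same sshd process, which is worth a closer look at that host's logs.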