On Wed, July 5, 2006 19:47, Fajar Priyanto wrote: > On Thursday 06 July 2006 03:46, Scott Taylor wrote: >> Hello all, >> >> I have a CentOS 4.2 server that gives me these error messages in my >> /var/log/secure file, I realise that these are SSH attacks, but where >> does >> the extra line "Could not get shadow information for NOUSER" come from? >> This doesn't make any sense. I have many servers running CentOS 4.2, >> but don't get this error message on any others. I hate junk in my logs. >> Is there any way to get rid of it? >> >> Invalid user guest from ::ffff:210.210.4.60 >> error: Could not get shadow information for NOUSER >> Failed password for invalid user guest from ::ffff:210.210.4.60 port >> 55073 ssh2 > > It's a response from the server itself when some script kiddies try to > logon to your server using a non existent username. > CMIIW, Uh...yeah, I get that much. So why is it there and how do I get rid of it? It doesn't happen on any other servers that get the same script attacks. -- Scott