[CentOS] odd entries in logwatch

Venom User wubba at ViperShells.com
Wed Mar 22 14:34:23 UTC 2006

|-----Original Message-----
|From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On
|Subject: [CentOS] odd entries in logwatch
|I am concerned about these entries reported this morning in the 
|logwatch from one of our servers running CentOS4-2.  Before I 
|invest a lot of time and effort tracking this down I wonder if 
|anyone here recognizes what is going on and why these entries 
|These are sealed servers with no local user accounts beyond those 
|needed by system and application software.  Login authentication is 
|primarily by SSL certificate, however ssh password logins for 
|certain backdoor accounts are enabled as a fallback.  There are no 
|records of unexpected logins via ssh or by userids not customarily 
|associated with routine maintenance.  Telnet is disabled.  Only 
|anonymous ftp is permitted and that service is provided by 
|vsftpd. The only thing that I can bring to mind that might account 
|for these records internally is that yesterday we ran "yum update" 
|on this machine.  Might the update account for this trace?
|> Changed users GID:    mailman: 41 -> 41
|> **Unmatched Entries**
|> usermod[25137]: change user `mailman' shell from `/sbin/nologin'
|> to `/sbin/nologin' 
|> usermod[25150]: change user `gdm' shell from `/sbin/nologin' to
|> `/sbin/nologin' 
|... much sendmail stuff
|-------------------- SSHD Begin ------------------------ 
|SSHD Killed: 2 Time(s)
|SSHD Started: 2 Time(s)
|Failed to bind:
| port 22 (Address already in use) : 2 Time(s)
|Users logging in through sshd:
|   xxxxxxx:
|      inet05.hamilton.harte-lyne.ca ( 1 time
| ---------------------- SSHD End ------------------------- 
| --------------------- vsftpd-messages Begin ------------------------ 
|Failed FTP Logins:
| ( anonymous - 9 Time(s)
| ( anonymous - 7 Time(s)
| ( anonymous - 9 Time(s)
| ---------------------- vsftpd-messages End ------------------------- 


That is the result of the recent updates made available.
Automatic yum update? Or manual update recently?
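
Added example, not part of the original thread: the usermod and GID entries quoted in the report record the same value before and after, so a triage script can separate such no-op records from ones where an account attribute actually changed. The sample lines are constructed; the timestamps, the host name and the `svcacct` account are assumptions for illustration, and the line formats follow the entries quoted above.

```python
import re

# usermod syslog message, in the form quoted in the logwatch report:
#   usermod[25137]: change user `mailman' shell from `/sbin/nologin' to `/sbin/nologin'
USERMOD_RE = re.compile(
    r"usermod\[\d+\]: change user `(?P<user>[^']+)' (?P<field>\w+) "
    r"from `(?P<old>[^']*)' to `(?P<new>[^']*)'"
)
# logwatch summary line, in the form quoted in the report:
#   Changed users GID:    mailman: 41 -> 41
SUMMARY_RE = re.compile(
    r"Changed users (?P<field>\w+):\s+(?P<user>[^\s:]+):\s+(?P<old>\S+) -> (?P<new>\S+)"
)

# Constructed sample input (timestamps, host and svcacct are made up).
SAMPLE = """\
Mar 21 16:02:11 host usermod[25137]: change user `mailman' shell from `/sbin/nologin' to `/sbin/nologin'
Mar 21 16:02:14 host usermod[25150]: change user `gdm' shell from `/sbin/nologin' to `/sbin/nologin'
Changed users GID:    mailman: 41 -> 41
Mar 21 16:05:40 host usermod[25391]: change user `svcacct' shell from `/sbin/nologin' to `/bin/bash'
"""


def parse_changes(text):
    """Return one dict per account-change record found in text."""
    records = []
    for line in text.splitlines():
        m = USERMOD_RE.search(line) or SUMMARY_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["field"] = rec["field"].lower()
            # A record whose old and new values match changed nothing.
            rec["noop"] = rec["old"] == rec["new"]
            records.append(rec)
    return records


def real_changes(text):
    """Return only the records where the attribute value actually changed."""
    return [r for r in parse_changes(text) if not r["noop"]]


if __name__ == "__main__":
    for r in parse_changes(SAMPLE):
        tag = "no-op " if r["noop"] else "REVIEW"
        print(f"{tag} {r['user']:<8} {r['field']:<5} {r['old']} -> {r['new']}")
```

Records tagged REVIEW are the ones worth checking against the package update history and the login records.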
