[CentOS] odd entries in logwatch

Wed Mar 22 14:34:23 UTC 2006
Venom User <wubba at ViperShells.com>


|-----Original Message-----
|From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On
|Subject: [CentOS] odd entries in logwatch
|
|
|I am concerned about these entries reported this morning in the 
|logwatch from one of our servers running CentOS4-2.  Before I 
|invest a lot of time and effort tracking this down I wonder if 
|anyone here recognizes what is going on and why these entries 
|exist.
|
|These are sealed servers with no local user accounts beyond those 
|needed by system and application software.  Login authentication is 
|primarily by SSL certificate, however ssh password logins for 
|certain backdoor accounts are enabled as a fallback.  There are no 
|records of unexpected logins via ssh or by userids not customarily 
|associated with routine maintenance.  Telnet is disabled.  Only 
|anonymous ftp is permitted and that service is provided by 
|vsftpd. The only thing that I can bring to mind that might account 
|for these records internally is that yesterday we ran "yum update" 
|on this machine.  Might the update account for this trace?
|
|
|> Changed users GID:    mailman: 41 -> 41
|> 
|> **Unmatched Entries**
|
|> usermod[25137]: change user `mailman' shell from `/sbin/nologin'
|> to `/sbin/nologin' 
|
|> usermod[25150]: change user `gdm' shell from `/sbin/nologin' to
|> `/sbin/nologin' 
|
|... much sendmail stuff
|
|-------------------- SSHD Begin ------------------------ 
|
|
|SSHD Killed: 2 Time(s)
|
|SSHD Started: 2 Time(s)
|
|Failed to bind:
|   0.0.0.0 port 22 (Address already in use) : 2 Time(s)
|
|Users logging in through sshd:
|   xxxxxxx:
|      inet05.hamilton.harte-lyne.ca (216.185.71.25): 1 time
|
| ---------------------- SSHD End ------------------------- 
|
| --------------------- vsftpd-messages Begin ------------------------ 
|
|
|Failed FTP Logins:
| (81.57.169.170): anonymous - 9 Time(s)
| (83.170.32.48): anonymous - 7 Time(s)
| (80.194.231.91): anonymous - 9 Time(s)
|
| ---------------------- vsftpd-messages End ------------------------- 
|Regards,
|Jim


	Jim,

		That is the result of the recent updates made available.
	Automatic yum update? Or manual update recently?

	Brian.
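
Added example, not part of the original thread or of logwatch: a Python triage helper that separates no-op usermod entries like the ones quoted above (old value equals new value) from real account changes. It assumes the message shape shown in the post holds for other fields; the third sample line and the account name svcacct are constructed for illustration.

```python
import re

# Message shape taken from the usermod lines quoted in the post:
#   usermod[PID]: change user `NAME' FIELD from `OLD' to `NEW'
# Matching any FIELD word (not only "shell") is an assumption.
USERMOD_RE = re.compile(
    r"usermod\[(?P<pid>\d+)\]: change user `(?P<user>[^']+)' "
    r"(?P<field>\w+) from `(?P<old>[^']*)' to `(?P<new>[^']*)'"
)
NON_LOGIN_SHELLS = {"/sbin/nologin", "/bin/false"}

# Constructed sample: the first two entries copy the wrapped, quoted lines
# from the post; the third is a made-up real change on a hypothetical account.
SAMPLE = """\
> usermod[25137]: change user `mailman' shell from `/sbin/nologin'
> to `/sbin/nologin'
> usermod[25150]: change user `gdm' shell from `/sbin/nologin' to
> `/sbin/nologin'
> usermod[4242]: change user `svcacct' shell from `/sbin/nologin' to `/bin/bash'
"""


def classify(text):
    """Return (user, field, old, new, verdict) for each usermod entry."""
    # Reports wrap long lines and mail clients prefix "|" or ">";
    # join wrapped lines and drop the quote markers before matching.
    flat = re.sub(r"\s*\n[|>\s]*", " ", text)
    results = []
    for m in USERMOD_RE.finditer(flat):
        user, field, old, new = m.group("user", "field", "old", "new")
        if old == new:
            verdict = "no-op"  # attribute rewritten with the same value
        elif (field == "shell" and old in NON_LOGIN_SHELLS
              and new not in NON_LOGIN_SHELLS):
            verdict = "review: login shell enabled"
        else:
            verdict = "changed"
        results.append((user, field, old, new, verdict))
    return results


if __name__ == "__main__":
    for user, field, old, new, verdict in classify(SAMPLE):
        print(f"{user:10} {field:6} {old} -> {new}  [{verdict}]")
```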