Re: Security Question

I've already set a proper password but on a twin testing machine the !!s are there, before and after running my setup commands to change the shell. Here's the top of message with the login and logout lines:

Feb 13 04:05:24 backup syslogd 1.4.1: restart.
Feb 13 05:39:25 backup named[31607]: lame server resolving '191.236.191.211.in-addr.arpa' (in '236.191.211.in-addr.arpa'?): 203.251.201.1#53
Feb 13 05:45:51 backup named[31607]: lame server resolving '201.32.110.61.in-addr.arpa' (in '32.110.61.in-addr.arpa'?): 203.240.193.11#53
Feb 13 05:45:51 backup named[31607]: lame server resolving '201.32.110.61.in-addr.arpa' (in '32.110.61.in-addr.arpa'?): 203.251.201.1#53
Feb 13 06:36:09 backup sshd(pam_unix)[422]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=dsl-82-199-133-138.dutchdsl.nl user=apache
Feb 13 06:36:17 backup sshd(pam_unix)[425]: session opened for user apache by (uid=48)
Feb 13 06:53:58 backup named[31607]: lame server resolving '173.4.248.61.in-addr.arpa' (in '4.248.61.in-addr.arpa'?): 203.240.193.11#53
Feb 13 06:53:58 backup named[31607]: lame server resolving '173.4.248.61.in-addr.arpa' (in '4.248.61.in-addr.arpa'?): 203.251.201.1#53
Feb 13 07:00:44 backup sshd(pam_unix)[425]: session closed for user apache
Feb 13 07:39:19 backup sshd(pam_unix)[710]: check pass; user unknown
Feb 13 07:39:19 backup sshd(pam_unix)[710]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131
Feb 13 07:39:23 backup sshd(pam_unix)[713]: check pass; user unknown
Feb 13 07:39:23 backup sshd(pam_unix)[713]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131
Feb 13 07:39:27 backup sshd(pam_unix)[715]: check pass; user unknown
Feb 13 07:39:27 backup sshd(pam_unix)[715]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131
Feb 13 07:39:31 backup sshd(pam_unix)[717]: check pass; user unknown
Feb 13 07:39:31 backup sshd(pam_unix)[717]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131
Feb 13 07:39:34 backup sshd(pam_unix)[720]: check pass; user unknown
Feb 13 07:39:34 backup sshd(pam_unix)[720]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131
Feb 13 07:39:38 backup sshd(pam_unix)[722]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131 user=root
Feb 13 07:39:42 backup sshd(pam_unix)[724]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131 user=root
Feb 13 07:39:46 backup sshd(pam_unix)[726]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.184.142.131 user=root



One failed attempt, one successful attempt and a logout 24 minutes later.

   scottb



Tomas Mraz wrote:

On Mon, 2005-02-14 at 10:57 -0800, Scott Becker wrote:





What does 'getent shadow apache' give you if you call it from the root
account?
If it's something like:
apache:!!:xxxxx::::::
       ^^ note these.
If the exclamation marks are missing it means that
this account is without a password and nullok allows login to it. But
if the !! (or *) is there it means something is broken on your system if
it allowed login to that account. Can you find the messages from
/var/log/ surrounding the 'apache logged in from
dsl-82-199-133-138.dutchdsl.nl (82.199.133.138)' message?
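
The check discussed in this message, as an added example that is not part of the original thread: it classifies the password field of shadow-format entries (empty, locked with `!`/`*`, or a hash) and lists pam_unix "session opened" log lines for accounts that have no usable password hash. The shadow entries, log lines, host name and the `reports` account are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data (not from a real system): shadow-format entries
# and pam_unix syslog lines in the format shown in the message above.
SHADOW = """\
root:$1$constructedsalt$constructedhashvalue00:12000:0:99999:7:::
apache:!!:12000::::::
reports::12000::::::
"""
LOG = """\
Feb 13 06:36:09 host sshd(pam_unix)[422]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=client.example.net user=apache
Feb 13 06:36:17 host sshd(pam_unix)[425]: session opened for user apache by (uid=48)
Feb 13 07:00:44 host sshd(pam_unix)[425]: session closed for user apache
Feb 13 07:10:02 host sshd(pam_unix)[500]: session opened for user reports by (uid=0)
Feb 13 07:20:00 host sshd(pam_unix)[510]: session opened for user root by (uid=0)
"""

def password_state(field):
    """Classify the second field of a shadow entry."""
    if field == "":
        return "empty"    # no password; pam_unix with nullok accepts it
    if field[0] in "!*":
        return "locked"   # no usable hash; password login should fail
    return "hash"

def shadow_states(shadow_text):
    """Map each account name to the state of its password field."""
    states = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            states[parts[0]] = password_state(parts[1])
    return states

OPENED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\(pam_unix\)\[\d+\]: "
                    r"session opened for user (\S+)")

def flag_sessions(shadow_text, log_text):
    """Return (timestamp, user, state) for sessions on accounts without a hash."""
    states = shadow_states(shadow_text)
    hits = []
    for line in log_text.splitlines():
        m = OPENED.match(line)
        if m and states.get(m.group(2), "missing") != "hash":
            hits.append((m.group(1), m.group(2), states.get(m.group(2), "missing")))
    return hits

if __name__ == "__main__":
    for ts, user, state in flag_sessions(SHADOW, LOG):
        print(f"{ts}  {user}: session opened, password field is {state}")
```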





