OK... I feel ignorant now... Laugh
I went back and double checked everything and silly me had the command in
crontab as
*/15 0 * * * root /etc/httpd/conf/nmbd.chk
so it was trying actually execute the command "root"
I removed the root and it is working fine now.
I learned a lot more about cron and crontab thanks to all your messages
along with the research I did on this issue.
For those of you that are interested, here is what the nmbd.chk script does
along with a copy of it.
****************************************************
#!/bin/bash
grep winnt /etc/httpd/logs/access_log >> /tmp/nimb
cat /tmp/nimb | while read IP junk
do
grep $IP /etc/hosts.deny > /dev/null || echo "ALL: $IP" >> /etc/hosts.deny
done
rm /tmp/nimb
*****************************************************
My apache webserver occassionally gets hammered by Microsoft boxes that have
been infected by the nimbda virus. This script looks for those machines and
adds them to the hosts.deny file along with any other machines attempting
winnt commands on my server. Another script resets the hosts.deny file back
to it's original state once a month after logging the ip addresses to a
specific file to check for systems that continually get infected on a
regular basis.
Many thanks again to the community for all the assist on this one.
It is greatly appreciated.
John Harper CCNA / MCP / Soon to be Solaris and RedHat Certified (working on
these now)
EDS Security Administrator
Department of Education Account
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
