[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Strange entry in message-log?
Albl, Thomas wrote:
sorry I'm not very used with the entries in the message-log, though I can't
identify, if the following lines are harmless (because the system has done
something for which it uses root rights) or dangerous (because someone has
hacked the box an got root rights for the user nobody)
Jul 3 00:15:12 www PAM-unix2: session started for user nobody,
Jul 3 00:16:54 www PAM-unix2: session finished for user nobody,
The Linux-Box runs SuSE-Linux 7.2 Kernel 2.4.7 - it denies connections other
from our router (i hope so) and runs apache 1.3.26, tomcat 4.0.2, php 4.0.1.
Can anyone help with a hint?
with that old box you should really care about updates. did you run
fou4s or so lately? (and a kernel update maybe, 2.4.7 has local root
exploits (ptrace). But back to your question: these entrys are generated
by a daily cronjob (updatedb etc.) and is started every night at 0:15.
So it's nothing really unusual and you can relax with that :)
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here