> You'll have to figure out how that person is getting access as
> apparently they are reaching the box.
>
Hi,
Turns out has NOTHING to do with someone trying to hack
the box. I narrowed it down to every time there was a "clean"
message from SpamAssassin I would get the message.
>
> Tuc at T-B-O-H.NET wrote:
>
> >>>Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
> >>>
> >>>
> Something running *as* root is trying to "su" to an account which has
> /bin/nologin as a shell
>
> e.
Tuc at T-B-O-H.NET wrote:
Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
Something running *as* root is trying to "su" to an account which has
/bin/nologin as a shell
e.g. # su avahi
cartman nologin: Attempted login by alex on /dev/ttyp7
avahi:*:558
>
> Tuc at T-B-O-H.NET wrote:
> >>>> Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> >>>> Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin:
> >>>> Attempted login by root on UNKNOWN
> >>>>
Tuc at T-B-O-H.NET wrote:
Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin:
Attempted login by root on UNKNOWN
I'm not sure who/what/where to start looking. Ideas?
Hey Darek,
Good to
> > Jul 18 14:08:47 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:08:47 asgard kernel: Jul 18 14:08:47 asgard nologin: Attempted
> > login by root on UNKNOWN
> > Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> > Jul 18 14:21:
> >> Jul 18 14:21:02 asgard nologin: Attempted login by root on UNKNOWN
> >> Jul 18 14:21:02 asgard kernel: Jul 18 14:21:02 asgard nologin:
> >> Attempted login by root on UNKNOWN
> >>
> >> I'm not sure who/what/where to start looking.
doug wrote:
On Tue, 18 Jul 2006, Tuc at T-B-O-H wrote:
Hi,
All of a sudden today I'm getting :
nologin: Attempted login by root on UNKNOWN
on a server... Its happening QUITE a bit :
Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:16:01 asgard k
On Tue, 18 Jul 2006, Tuc at T-B-O-H wrote:
Hi,
All of a sudden today I'm getting :
nologin: Attempted login by root on UNKNOWN
on a server... Its happening QUITE a bit :
Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:16:01 asgard kernel: J
Hi,
All of a sudden today I'm getting :
nologin: Attempted login by root on UNKNOWN
on a server... Its happening QUITE a bit :
Jul 18 13:16:01 asgard nologin: Attempted login by root on UNKNOWN
Jul 18 13:16:01 asgard kernel: Jul 18 13:16:01 asgard nologin: Attempted logi
10 matches
Mail list logo
