On 12/3/05, Andrew Concordia <
[EMAIL PROTECTED]> wrote:
Hi, I'm not sure what distro you run, by there are often sereral scripts
that run as user nobody out of cron. You should poke around /etc/crontab
and /etc/cron.daily, etc, i'm guessing you'll find the culprit there.
However, user nobody should definitely not have a password set. If it
does, that could be an indication that you are hosed.
Andrew
Patrick Curran wrote:
> my harddrive was doing a whole lot in the middle of the night so I
> checked and saw the use "nobody" was running "find". I was running an
> ssh server and think that might be how they got in, so I shut that
> down, cos I dont really need it. I also switched off the port
> forwarding to the ssh port. I have a crappy wireless router from
> verizon. I don't think i set up my logs correctly cos I suck and
> couldn't really find much.
>
> Are there some necessary things that I should change, im sure there
> are, but I dunno what?
>
> And what can I do with the nobody account, it is my understanding that
> it should have no rights to do anything. I changed the password cos I
> figure the person who got in set it to what he or she wanted...can I
> just delete the account?
>
> Thanks for any input. and yes one day i will stop being lazy and
> secure my box.
>
> --Patrick
