El vie, 04-07-2003 a las 08:09, Sven 'Darkman' Michels escribió:
Albl, Thomas wrote:
Hi,
sorry I'm not very used with the entries in the message-log, though I can't identify, if the following lines are harmless (because the system has done something for which it uses root rights) or dangerous (because someone has hacked the box an got root rights for the user nobody)
Jul 3 00:15:12 www PAM-unix2[4780]: session started for user nobody, service su Jul 3 00:16:54 www PAM-unix2[4780]: session finished for user nobody, service su
The Linux-Box runs SuSE-Linux 7.2 Kernel 2.4.7 - it denies connections other from our router (i hope so) and runs apache 1.3.26, tomcat 4.0.2, php 4.0.1.
Can anyone help with a hint?
with that old box you should really care about updates. did you run fou4s or so lately? (and a kernel update maybe, 2.4.7 has local root exploits (ptrace). But back to your question: these entrys are generated by a daily cronjob (updatedb etc.) and is started every night at 0:15. So it's nothing really unusual and you can relax with that :)
Regards, Sven