Hi,

Last 12.01.02 at 4am someone was trying to activate the port 22 (sshd). The auth.log is not reporting any successful login.

Today the seccheck script gives me the same output on two different machines:

The following program executables are group/world writeable:
- drwx------ 13 root root 748 Fri Jan 04 02:05:33 2002 .
+ drwx------ 13 root root 748 Mon Jan 07 20:31:38 2002 .

The following devices were added:
  crw------- root root 12, 5 /dev/tpqic24
  crw-rw-rw- root root 5, 0 /dev/tty
  crw--w--w- root root 4, 0 /dev/tty0
- crw--w---- root tty 4, 1 /dev/tty1
+ crw-rw---- root tty 4, 1 /dev/tty1
  crw--w---- root tty 4, 10 /dev/tty10
  crw--w---- root tty 4, 11 /dev/tty11
  crw--w---- root tty 4, 12 /dev/tty12

My question: is there a relation between these two events?

Thank you
No, most likely not. It really depends on the directory that changed the timestamp.

You'll see plenty of sshd connects in the next days. Don't worry about them as long as you have all updates installed.

Roman.
--
| Roman Drahtmüller <draht@suse.de>   // "You don't need eyes to see,
| SuSE GmbH - Security   Phone:       //  you need vision!"
| Nürnberg, Germany  +49-911-740530   //  Maxi Jazz, Faithless
participants (2): Roman Drahtmueller, sigismund