[opensuse] User 'scard' has been added to the passwd file
after a recent zypper update, have noticed rkhunter warning : Warning: User 'scard' has been added to the passwd file. Warning: Group 'scard' has been added to the group file. ____________ - any ideas please . . . where does this originate ? best regards -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
try grep'ing for scard in /etc/passwd -- Later, Darin On Fri, Aug 23, 2013 at 2:40 PM, ellanios82 <ellanios82@gmail.com> wrote:
after a recent zypper update, have noticed rkhunter warning :
Warning: User 'scard' has been added to the passwd file. Warning: Group 'scard' has been added to the group file.
____________
- any ideas please . . . where does this originate ?
best regards
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/23/2013 10:08 PM, Darin Perusich wrote:
try grep'ing for scard in /etc/passwd
-- Later, Darin
On Fri, Aug 23, 2013 at 2:40 PM, ellanios82 <ellanios82@gmail.com> wrote:
after a recent zypper update, have noticed rkhunter warning :
Warning: User 'scard' has been added to the passwd file. Warning: Group 'scard' has been added to the group file.
____________
- any ideas please . . . where does this originate ? __________________-
- thanks, Darin . . . this is what i get : # grep scard /etc/passwd scard:x:494:493:Smart Card Reader:/var/run/pcscd:/usr/sbin/nologin ...................... Hmm . . . am not aware of having installed any new program concerning Smart Card Reader . . . wonder what this could originate from?? [ have recently installed new desktop kernel : could this be a kernel-module thing?] [ kernel-desktop-3.10.9-24.1.ga0841e3.i686 ] ............. best regards -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 8/23/2013 12:34 PM, ellanios82 wrote:
On 08/23/2013 10:08 PM, Darin Perusich wrote:
try grep'ing for scard in /etc/passwd
-- Later, Darin
On Fri, Aug 23, 2013 at 2:40 PM, ellanios82 <ellanios82@gmail.com> wrote:
after a recent zypper update, have noticed rkhunter warning :
Warning: User 'scard' has been added to the passwd file. Warning: Group 'scard' has been added to the group file.
____________
- any ideas please . . . where does this originate ? __________________-
- thanks, Darin . . . this is what i get :
# grep scard /etc/passwd scard:x:494:493:Smart Card Reader:/var/run/pcscd:/usr/sbin/nologin
......................
Hmm . . . am not aware of having installed any new program concerning Smart Card Reader . . . wonder what this could originate from??
[ have recently installed new desktop kernel : could this be a kernel-module thing?] [ kernel-desktop-3.10.9-24.1.ga0841e3.i686 ] .............
best regards
Now grep /etc/passwd for nologin and you will find quite a few things that use this, mostly to do things that might otherwise require elevated privileges. GnuPG supports reading of smart card usb devices, as do a few other packages. It could be that you installed or upgraded something that supports the ability to read credentials from a card. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/23/2013 10:43 PM, John Andersen wrote:
On 8/23/2013 12:34 PM, ellanios82 wrote:
On 08/23/2013 10:08 PM, Darin Perusich wrote:
try grep'ing for scard in /etc/passwd
-- Later, Darin
On Fri, Aug 23, 2013 at 2:40 PM, ellanios82 <ellanios82@gmail.com> wrote:
after a recent zypper update, have noticed rkhunter warning :
Warning: User 'scard' has been added to the passwd file. Warning: Group 'scard' has been added to the group file.
____________
- any ideas please . . . where does this originate ? __________________-
- thanks, Darin . . . this is what i get :
# grep scard /etc/passwd scard:x:494:493:Smart Card Reader:/var/run/pcscd:/usr/sbin/nologin
......................
Hmm . . . am not aware of having installed any new program concerning Smart Card Reader . . . wonder what this could originate from??
[ have recently installed new desktop kernel : could this be a kernel-module thing?] [ kernel-desktop-3.10.9-24.1.ga0841e3.i686 ] .............
best regards
Now grep /etc/passwd for nologin and you will find quite a few things that use this, mostly to do things that might otherwise require elevated privileges. GnuPG supports reading of smart card usb devices, as do a few other packages. It could be that you installed or upgraded something that supports the ability to read credentials from a card.
- thank you kindly - this is product of grep : # grep nologin /etc/passwd pulse:x:106:108:PulseAudio daemon:/var/lib/pulseaudio:/sbin/nologin smolt:x:114:117:user for smolt:/usr/share/smolt:/sbin/nologin statd:x:105:65534:NFS statd daemon:/var/lib/nfs:/sbin/nologin usbmux:x:108:65534:usbmuxd daemon:/var/lib/usbmuxd:/sbin/nologin polkitd:x:499:498:User for polkitd:/var/lib/polkit:/sbin/nologin scard:x:494:493:Smart Card Reader:/var/run/pcscd:/usr/sbin/nologin ______________ Does this look Innocent and non-threatening ? it was rkhunter that brought this to my attention, thus my fear of root-kit threat? many thanks -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 8/23/2013 12:59 PM, ellanios82 wrote:
scard:x:494:493:Smart Card Reader:/var/run/pcscd:/usr/sbin/nologin
______________
Does this look Innocent and non-threatening ?
it was rkhunter that brought this to my attention, thus my fear of root-kit threat?
Well rkhunter is looking for changes, and something changed in /etc/passwd, so it reported it. The most likely candidate for what got installed is the package pcsc-lite, and yast-ing around it seems this is a requirement for many different smartcard packages. You might look into yast at what requires pcsc-lite and see what you have installed that requires this. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/23/2013 11:12 PM, John Andersen wrote:
On 8/23/2013 12:59 PM, ellanios82 wrote:
scard:x:494:493:Smart Card Reader:/var/run/pcscd:/usr/sbin/nologin
______________
Does this look Innocent and non-threatening ?
it was rkhunter that brought this to my attention, thus my fear of root-kit threat? Well rkhunter is looking for changes, and something changed in /etc/passwd, so it reported it.
The most likely candidate for what got installed is the package pcsc-lite, and yast-ing around it seems this is a requirement for many different smartcard packages. You might look into yast at what requires pcsc-lite and see what you have installed that requires this.
- terrific . . . thank you so much { have used yast to delete package pcsc-lite { nothing has complained yet} } ................. best regards
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/23/2013 10:54 PM, Cristian Rodríguez wrote:
El 23/08/13 14:40, ellanios82 escribió:
- any ideas please . . . where does this originate ? Expected, system user created by rpm post install scriptlets.
thank you kindly -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Cristian Rodríguez -
Darin Perusich -
ellanios82 -
John Andersen