RE: [SLE] too many pam_unix erros!!
Oh, okay, makes me a bit happier, here is the crontab, hmm. Yeah definitely some process root is initiating. # crontab -l # LOGNAME=/var/log/cron 15 5 * * * /usr/local/bin/hardwarereport > /dev/null 2>&1 30 17 * * * /usr/local/bin/backupreport > /dev/null 2>&1 45 5 * * * /usr/local/bin/securityreport > /dev/null 2>&1 22 10 * * * /opt/f-secure/fsav/bin/dbupdate >> /tmp/reports/virus.out 2>&1 0 4 * * * /opt/f-secure/fsav/bin/fsav / >> /tmp/reports/virus.out 2>&1 -----Original Message----- From: Anders Johansson [mailto:andjoh@rydsbo.net] Sent: Tuesday, August 30, 2005 11:31 AM To: suse-linux-e@suse.com Subject: Re: [SLE] too many pam_unix erros!! On Tuesday 30 August 2005 20:23, Patrick B. O'Brien wrote:
My /var/log/messages file is full of the following errors and has been for days. Any thoughts as to what is going on, am I getting hacked or attempted hacks going on here? TIA.
The crond would be a good place to start looking. What do you have set up to run there? btw, they're not errors, they are notifications that root has logged in and out respectively (or, technically, that a login session has started and ended, this doesn't have to be a real login, it can also be that a process has launched as that user by cron) -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Tuesday 30 August 2005 22:49, Patrick B. O'Brien wrote:
Oh, okay, makes me a bit happier, here is the crontab, hmm. Yeah definitely some process root is initiating.
# crontab -l # LOGNAME=/var/log/cron 15 5 * * * /usr/local/bin/hardwarereport > /dev/null 2>&1 30 17 * * * /usr/local/bin/backupreport > /dev/null 2>&1 45 5 * * * /usr/local/bin/securityreport > /dev/null 2>&1 22 10 * * * /opt/f-secure/fsav/bin/dbupdate >> /tmp/reports/virus.out 2>&1 0 4 * * * /opt/f-secure/fsav/bin/fsav / >> /tmp/reports/virus.out 2>&1
ok, so the process running at 10.22 is your antivirus updating its virus definitions. Unless I'm going blind, I'm missing the process that runs every 10th minute. Do you have something set up in /var/spool/cron/tabs/root perhaps?
On Tuesday 30 August 2005 23:10, Anders Johansson wrote:
On Tuesday 30 August 2005 22:49, Patrick B. O'Brien wrote:
Oh, okay, makes me a bit happier, here is the crontab, hmm. Yeah definitely some process root is initiating.
# crontab -l # LOGNAME=/var/log/cron 15 5 * * * /usr/local/bin/hardwarereport > /dev/null 2>&1 30 17 * * * /usr/local/bin/backupreport > /dev/null 2>&1 45 5 * * * /usr/local/bin/securityreport > /dev/null 2>&1 22 10 * * * /opt/f-secure/fsav/bin/dbupdate >> /tmp/reports/virus.out 2>&1 0 4 * * * /opt/f-secure/fsav/bin/fsav / >> /tmp/reports/virus.out 2>&1
ok, so the process running at 10.22 is your antivirus updating its virus definitions.
Unless I'm going blind, I'm missing the process that runs every 10th minute. Do you have something set up in /var/spool/cron/tabs/root perhaps?
Oh, silly me, this is /var/spool/cron/tabs/root. OK, so do you have something set up in /etc/crontab then?
participants (2)
-
Anders Johansson -
Patrick B. O'Brien