Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] /var/log/messages
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Tue, 12 Dec 2000 20:38:56 +1100
  • Message-id: <5.0.1.4.0.20001212172016.044fecb8@xxxxxxxxxxxxxxxxxxxx>
EEEKKKKKK

You should at LEAST have something like this:

Dec 12 10:34:55 dante -- MARK --
Dec 12 10:39:11 dante sshd[5547]: Accepted password for petern from 10.1.0.178 port 1036
Dec 12 10:40:03 dante su: (to root) nix on /dev/pts/0
Dec 12 10:40:03 dante PAM-unix2[5559]: session started for user root, service su
Dec 12 10:44:55 dante -- MARK --

try looking at your processes.... should look like this


# ps afx |grep syslogd
80 ? S 0:00 /usr/sbin/syslogd -r -m 5
6117 pts/0 S 0:00 \_ grep syslogd
dante:~ #


Either syslogd is not running, or you have been backdoored...

Nix

At 01:04 AM 12/12/2000 -0500, you wrote:
Hello,

I have just installed SuSE 7 about a month ago and have not had any messages
recorded to /var/log/messages since Nov 21. Is this a sign of a healthy system
or could there be a problem?

Thanks in advance,
Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx


< Previous Next >