Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Einbruchsversuch gelungen?
  • From: Rikard Johnels <rikjoh@xxxxxxxxx>
  • Date: Wed, 2 Mar 2005 12:34:47 +0100
  • Message-id: <200503021234.48635.rikjoh@xxxxxxxxx>
On Wednesday 02 March 2005 11.38, Bastian Friedrich wrote:
> Hi,
>
> On Wednesday 02 March 2005 11:32, Reiner Pietrzak wrote:
> > dies >> fand ich heute in meiner Logdatei:
>
> This is an English only list.
>
> > Mar 2 04:15:00 pxxxxxxxx /USR/SBIN/CRON[18880]: (root) CMD
> > (/root/confixx/confixx_counterscript.pl)
> >
> > >>Mar 2 04:15:04 pxxxxxxxx su: (to nobody) root on none
> > >>Mar 2 04:15:04 pxxxxxxxx su: pam_unix2: session started for user
> >
> > nobody, service su
> >
> > >>Mar 2 04:15:11 pxxxxxxxx su: pam_unix2: session finished for user
> >
> > nobody, service su
> > Mar 2 04:16:00 pxxxxxxxx /USR/SBIN/CRON[19006]: (root) CMD
> > (/root/confixx/confixx_counterscript.pl)
> >
> > Muss ich das als gelungenen Einbruchsversuch werten?
>
> No. Your box just ran a couple of cron jobs. You'll find that every day.
>
> Bastian

The at deamon and cron just ran the /root/confixx/confixx_counterscript.pl
script. Aparently something that root entered. (Check
the /root/confixx/confixx_counterscript.pl to see exactly what it does)

Mar 2 04:15:04 pxxxxxxxx su: (to nobody) root on none
Mar 2 04:15:04 pxxxxxxxx su: pam_unix2: session started for user
is a user running 'su'

--

/Rikard

---------------------------------------------------------------
Rikard Johnels email : rikjoh@xxxxxxxxx
Web : http://www.rikjoh.com/users/rikjoh
Mob : +46 735 05 51 01
PGP : 0x461CEE56
---------------------------------------------------------------

< Previous Next >