On Wednesday 02 March 2005 11.38, Bastian Friedrich wrote:
Hi,
On Wednesday 02 March 2005 11:32, Reiner Pietrzak wrote:
dies >> fand ich heute in meiner Logdatei:
This is an English only list.
Mar 2 04:15:00 pxxxxxxxx /USR/SBIN/CRON[18880]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Mar 2 04:15:04 pxxxxxxxx su: (to nobody) root on none Mar 2 04:15:04 pxxxxxxxx su: pam_unix2: session started for user
nobody, service su
Mar 2 04:15:11 pxxxxxxxx su: pam_unix2: session finished for user
nobody, service su Mar 2 04:16:00 pxxxxxxxx /USR/SBIN/CRON[19006]: (root) CMD (/root/confixx/confixx_counterscript.pl)
Muss ich das als gelungenen Einbruchsversuch werten?
No. Your box just ran a couple of cron jobs. You'll find that every day.
Bastian
The at deamon and cron just ran the /root/confixx/confixx_counterscript.pl script. Aparently something that root entered. (Check the /root/confixx/confixx_counterscript.pl to see exactly what it does) Mar 2 04:15:04 pxxxxxxxx su: (to nobody) root on none Mar 2 04:15:04 pxxxxxxxx su: pam_unix2: session started for user is a user running 'su' -- /Rikard --------------------------------------------------------------- Rikard Johnels email : rikjoh@norweb.se Web : http://www.rikjoh.com/users/rikjoh Mob : +46 735 05 51 01 PGP : 0x461CEE56 ---------------------------------------------------------------