LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-16-2009, 07:22 PM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
new group appeared in logwatch


I had a new group appear in my logwatch today and a report saying SSHD had been killed and restarted. Would an update cause that?

Code:
 ################### Logwatch 7.3 (03/24/06) #################### 
        Processing Initiated: Thu Sep 17 00:00:06 2009
        Date Range Processed: yesterday
                              ( 2009-Sep-16 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: localhost.localdomain
  ################################################################## 
 
 --------------------- httpd Begin ------------------------ 

 Requests with error response codes
    400 Bad Request
       /w00tw00t.at.ISC.SANS.DFind:): 11 Time(s)
    401 Unauthorized
       /sarg/: 1 Time(s)
    404 Not Found
       /favicon.ico: 2 Time(s)
       http://proxyjudge2.proxyfire.net/fastenv: 1 Time(s)
       http://www.freestuffto.net/prx1.php?hash=F ... A642DA8BFCE4FDB: 2 Time(s)
       http://www.wantsfly.com/prx.php?hash=DAA19 ... A642DA8BFCE4FDB: 3 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- postfix Begin ------------------------ 

 
 
 270506 bytes transferred
 320 messages sent
 310 messages removed from queue
 
 Connections lost:
    Connection lost while receiving the initial server greeting : 19 Time(s)
 
 ---------------------- postfix End ------------------------- 

 
 --------------------- Connections (secure-log) Begin ------------------------ 

 New Groups:
    ecryptfs (101)
 
 
 Userhelper executed applications:
    root -> chkrootkit.sh as root:  1 Time(s)
 
 ---------------------- Connections (secure-log) End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 SSHD Killed: 1 Time(s)
 
 SSHD Started: 1 Time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Installed:
    keyutils-1.2-1.el5.i386
    kernel-2.6.18-164.el5.i686
    trousers-0.3.1-4.el5.i386
 
 Packages Updated:
    mysql-server-5.0.77-3.el5.i386
    mysql-5.0.77-3.el5.i386
    ecryptfs-utils-75-5.el5.i386
    openssh-clients-4.3p2-36.el5.i386
    openssh-4.3p2-36.el5.i386
    openssl-0.9.8e-12.el5.i686
    openssh-server-4.3p2-36.el5.i386
    nspr-4.7.5-1.el5_4.i386
    xulrunner-1.9.0.14-1.el5_4.i386
    1:nfs-utils-1.0.9-42.el5.i386
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5             4.8G  1.3G  3.2G  29% /
 /dev/sda3             4.8G  767M  3.8G  17% /var
 /dev/sda2             216G  212M  205G   1% /home
 /dev/sda1              76M   22M   51M  31% /boot
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################
 
Old 09-16-2009, 07:27 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,247

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
Quote:
ecryptfs-utils-75-5.el5.i386
openssh-clients-4.3p2-36.el5.i386
openssh-4.3p2-36.el5.i386
openssl-0.9.8e-12.el5.i686
openssh-server-4.3p2-36.el5.i386
All those pkgs are marked updated, so I'd expect/hope sshd would restart, it's a key security tool.
Quote:
New Groups:
ecryptfs (101)


Userhelper executed applications:
root -> chkrootkit.sh as root: 1 Time(s)
You can check the passwd and group files to see if a new group has been created. Also, read the chkrootkit.sh to see what it does.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I want to disable logwatch on our RHEL servers to stop the logwatch mail svik Linux - Enterprise 10 08-27-2009 03:51 PM
Does logwatch run automatically? How can I reset logwatch? abefroman Linux - Software 4 06-17-2009 03:17 AM
GNUstep just appeared cjsmith22 Linux - Newbie 1 05-28-2005 12:38 AM
Gnome interface won't appeared DanielTan Linux - Newbie 8 01-05-2005 04:30 PM
Group Admin, Group Root, or God over Group crickett Linux - General 5 07-12-2004 05:01 PM


All times are GMT -5. The time now is 05:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration