SU entries in log
In my system log I'm seeing entries like this:

process: SU message: "pam_unix2: session started for user cyrus, service su"
and
process: SU message: "pam_unix2: session started for user nobody, service su"

I have no idea where these usernames are coming from. I did not create them, and I do not see them in my list of users/groups in YaST. Am I being hacked? Are these system processes? Thanks for any help!

When you say system log, which one are you referring to? If you're using YaST then I guess you're on SUSE, which I don't know so well.
But to help you out, Cyrus is a mail and IMAP server. Do you know if you have that installed/running? The user 'nobody' is commonly created by services that need to provide restricted access to outsiders. It's quite common for it to be set up by FTP servers and the like. Try running:
Code:
cat /var/log/auth.log|grep nobody

Thanks for the replies!!! I used 'top' to see if those users were doing anything, and they weren't.
I tried the "cat /var/log/auth.log|grep nobody" but that log doesn't exist. Yes, I'm running SUSE Linux 9.3. I'm checking into the Cyrus stuff. Thanks again!

Also check your logs for cron jobs run around that time. Some types of cron activity will need admin privileges and it will automatically add or drop privileges as necessary.
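
The checks suggested in the replies above, combined into one script, as an added example that is not part of any post in this thread: it pulls the su session-start lines out of syslog text, looks each user up in passwd data to see whether it is a service account, and lists cron entries logged within two minutes. The log and passwd lines are constructed samples, and the syslog line layout and the UID 1000 cutoff are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): syslog lines and passwd entries.
SAMPLE_LOG = """\
Jun 12 04:15:01 linux /USR/SBIN/CRON[4120]: (root) CMD (run-parts /etc/cron.daily)
Jun 12 04:15:03 linux su: pam_unix2: session started for user nobody, service su
Jun 12 04:15:09 linux su: pam_unix2: session started for user cyrus, service su
Jun 12 13:40:22 linux su: pam_unix2: session started for user mallory, service su
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
cyrus:x:96:12:User for cyrus-imapd:/usr/lib/cyrus:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
"""
SU_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ su(?:\[\d+\])?: pam_unix2: "
                   r"session started for user (\S+), service su")
CRON_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ \S*CRON\[\d+\]: (.*)", re.I)
UID_MIN = 1000      # assumed first UID for human accounts (check /etc/login.defs)
NOBODY_UID = 65534  # conventional UID of the 'nobody' account

def parse_ts(text):
    # Syslog timestamps carry no year; a fixed one is enough to compare times.
    return datetime.strptime("2005 " + text, "%Y %b %d %H:%M:%S")

def classify(user, passwd_text):
    """Say whether a user is a service account, a human account, or unknown."""
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[0] == user:
            uid = int(f[2])
            kind = "system" if uid < UID_MIN or uid == NOBODY_UID else "human"
            return f"{kind} account (uid {uid}, {f[4]})"
    return "NOT in passwd"

def review(log_text, passwd_text, window=timedelta(minutes=2)):
    """Return (user, classification, nearby cron entries) per su session start."""
    lines = log_text.splitlines()
    crons = [(parse_ts(m.group(1)), m.group(2)) for m in map(CRON_RE.match, lines) if m]
    report = []
    for m in filter(None, map(SU_RE.match, lines)):
        ts, user = parse_ts(m.group(1)), m.group(2)
        near = [cmd for cts, cmd in crons if abs(ts - cts) <= window]
        report.append((user, classify(user, passwd_text), near))
    return report

if __name__ == "__main__":
    for user, kind, near in review(SAMPLE_LOG, SAMPLE_PASSWD):
        print(f"{user:8} {kind:45} cron nearby: {near or 'none'}")
```

An su session for a system account that lines up with a cron entry is the benign pattern described above; an account missing from passwd, or a session with no scheduled job near it, is the one to look at more closely.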