hi.
i took a look at my logfiles and saw the following entry:

Jan 14 09:24:49 desktop groupadd[6563]: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd[6564]: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin

either i added the group nor the user.

/var/named includes following files:

-rw-r--r-- 1 root root 0 14. Jan 15:47 content
drwxrwx--- 2 25 named 4096 18. Okt 23:17 data
-rw-r--r-- 1 25 named 198 26. Aug 00:16 localdomain.zone
-rw-r--r-- 1 25 named 195 26. Aug 00:16 localhost.zone
-rw-r--r-- 1 25 named 415 26. Aug 00:16 named.broadcast
-rw-r--r-- 1 25 named 2518 26. Aug 00:16 named.ca
-rw-r--r-- 1 25 named 432 26. Aug 00:16 named.ip6.local
-rw-r--r-- 1 25 named 433 26. Aug 00:16 named.local
-rw-r--r-- 1 25 named 416 26. Aug 00:16 named.zero
drwxrwx--- 2 25 named 4096 18. Okt 23:17 slaves

i cant see a login-attemp with ssh.

google told me that this has to do with dns, but i couldnt find out why a user and a group has been added and by whom. so maybe someone can tell me, if this is some kind of security-problem.

thank you, grimse

Named is a standard system user on several linux distros (including Fedora). The /var/named directory and its contents are standard too. Not sure why it was suddenly added, but I'd guess as part of an update (up2date or Yum) or something you installed recently. Also note that the shell /sbin/nologin prevents that user from directly logging into the system. Doesn't appear to be anything malicious, but you might want to look into any recent updates or installs and see if the user creation time in /var/log/messages coincides with anything else.

thank you for your help