LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-14-2005, 08:57 AM   #1
grimse
Member
 
Registered: Oct 2004
Location: Oldenburg, Germany
Distribution: FC4
Posts: 42

Rep: Reputation: 15
/var/named


hi.
i took a look at my logfiles and saw the following entry:

Jan 14 09:24:49 desktop groupadd[6563]: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd[6564]: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin

either i added the group nor the user.

/var/named includes following files:

-rw-r--r-- 1 root root 0 14. Jan 15:47 content
drwxrwx--- 2 25 named 4096 18. Okt 23:17 data
-rw-r--r-- 1 25 named 198 26. Aug 00:16 localdomain.zone
-rw-r--r-- 1 25 named 195 26. Aug 00:16 localhost.zone
-rw-r--r-- 1 25 named 415 26. Aug 00:16 named.broadcast
-rw-r--r-- 1 25 named 2518 26. Aug 00:16 named.ca
-rw-r--r-- 1 25 named 432 26. Aug 00:16 named.ip6.local
-rw-r--r-- 1 25 named 433 26. Aug 00:16 named.local
-rw-r--r-- 1 25 named 416 26. Aug 00:16 named.zero
drwxrwx--- 2 25 named 4096 18. Okt 23:17 slaves

i cant see a login-attemp with ssh.

google told me that this has to do with dns, but i couldnt find out why a user and a group has been added and by whom. so maybe someone can tell me, if this is some kind of security-problem.

thank you, grimse
 
Old 01-14-2005, 11:22 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Named is a standard system user on several linux distros (including Fedora). The /var/named directory and its contents are standard too. Not sure why it was suddenly added, but I'd guess as part of an update (up2date or Yum) or something you installed recently. Also note that the shell /sbin/nologin prevents that user from directly logging into the system. Doesn't appear to be anything malicious, but you might want to look into any recent updates or installs and see if the user creation time in /var/log/messages coincides with anything else.
 
Old 01-15-2005, 06:23 AM   #3
grimse
Member
 
Registered: Oct 2004
Location: Oldenburg, Germany
Distribution: FC4
Posts: 42

Original Poster
Rep: Reputation: 15
thank you for your help
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving /var/adm and /var/lib - why does it hurt? J_Szucs Linux - General 1 09-15-2004 06:46 PM
named -u named at startup zzero Linux - Newbie 4 03-16-2004 12:08 AM
cannot find named.conf and /var/named kaushikma Red Hat 1 02-07-2004 12:49 PM
a green-colored file name in the /var/named directory rioguia Linux - Newbie 2 10-16-2003 08:06 AM
Virtual Host type, named or IP via SSL? Named VH is not possible? piratebiter Linux - Security 3 08-20-2003 05:27 PM


All times are GMT -5. The time now is 11:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration