Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
i took a look at my logfiles and saw the following entry:
Jan 14 09:24:49 desktop groupadd: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin
either i added the group nor the user.
/var/named includes following files:
-rw-r--r-- 1 root root 0 14. Jan 15:47 content
drwxrwx--- 2 25 named 4096 18. Okt 23:17 data
-rw-r--r-- 1 25 named 198 26. Aug 00:16 localdomain.zone
-rw-r--r-- 1 25 named 195 26. Aug 00:16 localhost.zone
-rw-r--r-- 1 25 named 415 26. Aug 00:16 named.broadcast
-rw-r--r-- 1 25 named 2518 26. Aug 00:16 named.ca
-rw-r--r-- 1 25 named 432 26. Aug 00:16 named.ip6.local
-rw-r--r-- 1 25 named 433 26. Aug 00:16 named.local
-rw-r--r-- 1 25 named 416 26. Aug 00:16 named.zero
drwxrwx--- 2 25 named 4096 18. Okt 23:17 slaves
i cant see a login-attemp with ssh.
google told me that this has to do with dns, but i couldnt find out why a user and a group has been added and by whom. so maybe someone can tell me, if this is some kind of security-problem.
Named is a standard system user on several linux distros (including Fedora). The /var/named directory and its contents are standard too. Not sure why it was suddenly added, but I'd guess as part of an update (up2date or Yum) or something you installed recently. Also note that the shell /sbin/nologin prevents that user from directly logging into the system. Doesn't appear to be anything malicious, but you might want to look into any recent updates or installs and see if the user creation time in /var/log/messages coincides with anything else.