I took a look at my logfiles and saw the following entry:
Jan 14 09:24:49 desktop groupadd: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin
I added neither the group nor the user.
/var/named includes the following files:
-rw-r--r-- 1 root root 0 14. Jan 15:47 content
drwxrwx--- 2 25 named 4096 18. Okt 23:17 data
-rw-r--r-- 1 25 named 198 26. Aug 00:16 localdomain.zone
-rw-r--r-- 1 25 named 195 26. Aug 00:16 localhost.zone
-rw-r--r-- 1 25 named 415 26. Aug 00:16 named.broadcast
-rw-r--r-- 1 25 named 2518 26. Aug 00:16 named.ca
-rw-r--r-- 1 25 named 432 26. Aug 00:16 named.ip6.local
-rw-r--r-- 1 25 named 433 26. Aug 00:16 named.local
-rw-r--r-- 1 25 named 416 26. Aug 00:16 named.zero
drwxrwx--- 2 25 named 4096 18. Okt 23:17 slaves
I can't see a login attempt with ssh.
Google told me that this has to do with DNS, but I couldn't find out why a user and a group have been added and by whom. So maybe someone can tell me if this is some kind of security problem.
Named is a standard system user on several Linux distros (including Fedora). The /var/named directory and its contents are standard too. Not sure why it was suddenly added, but I'd guess as part of an update (up2date or Yum) or something you installed recently. Also note that the shell /sbin/nologin prevents that user from directly logging into the system. Doesn't appear to be anything malicious, but you might want to look into any recent updates or installs and see if the user creation time in /var/log/messages coincides with anything else.
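The check suggested in the reply above, sketched as an added example (not code from the thread): it pairs each useradd/groupadd entry from /var/log/messages with package transactions logged within a few minutes, and marks account events that no install or update explains. It assumes the package manager log uses the "Mon DD HH:MM:SS Installed: package" line format of yum.log; the package names, the third account line and the year are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the first two lines are the entries quoted in the
# question; the third line and the package log lines are invented for illustration.
MESSAGES = """\
Jan 14 09:24:49 desktop groupadd: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin
Jan 15 03:12:07 desktop useradd: new user: name=svc, uid=501, gid=501, home=/home/svc, shell=/bin/bash
"""
YUM_LOG = """\
Jan 13 22:10:02 Updated: openssl-EXAMPLE-VERSION
Jan 14 09:24:58 Installed: bind-EXAMPLE-VERSION
"""

STAMP = r"(\w{3}\s+\d+ \d\d:\d\d:\d\d)"
ACCOUNT_RE = re.compile(
    STAMP + r" \S+ (useradd|groupadd)(?:\[\d+\])?: new (user|group): name=([^,\s]+)(.*)")
PACKAGE_RE = re.compile(STAMP + r" (Installed|Updated): (\S+)")

def parse_stamp(text, year):
    # Syslog timestamps carry no year, so the caller has to supply one.
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")

def correlate(messages, yum_log, year, window_seconds=300):
    """Pair each account-creation event with package transactions logged nearby."""
    window = timedelta(seconds=window_seconds)
    packages = [(parse_stamp(m.group(1), year), m.group(3))
                for m in map(PACKAGE_RE.match, yum_log.splitlines()) if m]
    findings = []
    for m in map(ACCOUNT_RE.match, messages.splitlines()):
        if not m:
            continue
        when = parse_stamp(m.group(1), year)
        shell = re.search(r"shell=(\S+)", m.group(5))
        nearby = [name for stamp, name in packages if abs(stamp - when) <= window]
        findings.append({
            "when": when, "kind": m.group(3), "name": m.group(4),
            "shell": shell.group(1) if shell else None,  # groupadd lines have none
            "packages": nearby,
            "review": not nearby,  # no install/update close in time explains it
        })
    return findings

if __name__ == "__main__":
    for f in correlate(MESSAGES, YUM_LOG, year=2007):  # year is an assumption
        status = "REVIEW" if f["review"] else "explained by " + ", ".join(f["packages"])
        print(f["when"], f["kind"], f["name"], f["shell"] or "-", status)
```

An account flagged for review is only unexplained by the package log; a login-capable shell on such an account, as on the constructed "svc" line, is the case to look at first.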