LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices


Reply
  Search this Thread
Old 03-12-2005, 12:54 AM   #1
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Rep: Reputation: 30
odd login error in /var/log/secure in FC3


Greetings LQ'ers,

A question on FC3. WHen ever a user logs into the machine via ssh, the following kicks up in
/var/log/secure:

Mar 12 00:59:26 machine sshd[23654]: pam_succeed_if: requirement "uid < 100" not met by user "user-name"


so it looks like a pluggable authentication module is checking for user ids to be < 100. All of my
user ids begin at 500 and go up from there (normal for linux, fedora)...any way to stop these
errors in the /var/log/secure file from creeping up???

Thanks

zepplin
 
Old 03-14-2005, 09:25 AM   #2
Technoslave
Member
 
Registered: Dec 2003
Location: Northern VA
Posts: 493

Rep: Reputation: 30
These aren't errors. This is PAM letting you know if someone under UID 100 tried logging in. This is informational, and will eventually show you some nifty things like ssh sweeps that push about 250 attempts in a 10 second time frame of about 40 different users...fun stuff like that.

So you can get fun and exciting messages like this:

Failed logins from these:
adine/password from 209.126.173.249: 1 Time(s)
admin/password from 209.126.173.249: 1 Time(s)
administrator/password from 209.126.173.249: 1 Time(s)
ahmed/password from 209.126.173.249: 1 Time(s)
alan/password from 209.126.173.249: 1 Time(s)
albert/password from 209.126.173.249: 1 Time(s)
alberto/password from 209.126.173.249: 1 Time(s)
andres/password from 209.126.173.249: 1 Time(s)
barbara/password from 209.126.173.249: 1 Time(s)
db/password from 209.126.173.249: 1 Time(s)
guest/password from 209.126.173.249: 1 Time(s)
jack/password from 209.126.173.249: 1 Time(s)
marvin/password from 209.126.173.249: 1 Time(s)
root/password from 209.126.173.249: 16 Time(s)
test/password from 209.126.173.249: 1 Time(s)

Illegal users from these:
adine/none from 209.126.173.249: 1 Time(s)
adine/password from 209.126.173.249: 1 Time(s)
admin/none from 209.126.173.249: 1 Time(s)
admin/password from 209.126.173.249: 1 Time(s)
administrator/none from 209.126.173.249: 1 Time(s)
administrator/password from 209.126.173.249: 1 Time(s)
ahmed/none from 209.126.173.249: 1 Time(s)
ahmed/password from 209.126.173.249: 1 Time(s)
alan/none from 209.126.173.249: 1 Time(s)
alan/password from 209.126.173.249: 1 Time(s)
albert/none from 209.126.173.249: 1 Time(s)
albert/password from 209.126.173.249: 1 Time(s)
alberto/none from 209.126.173.249: 1 Time(s)
alberto/password from 209.126.173.249: 1 Time(s)
andres/none from 209.126.173.249: 1 Time(s)
andres/password from 209.126.173.249: 1 Time(s)
barbara/none from 209.126.173.249: 1 Time(s)
barbara/password from 209.126.173.249: 1 Time(s)
db/none from 209.126.173.249: 1 Time(s)
db/password from 209.126.173.249: 1 Time(s)
guest/none from 209.126.173.249: 1 Time(s)


etc ...

To the point where you just create rules in your firewall to only allow a few IPs access to your box via SSH.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/secure format Latem Linux - Security 1 07-24-2005 08:00 PM
/var/log/secure ??? MikeFoo1 Linux - Security 2 06-22-2005 03:42 AM
APF and /var/log/secure.1... tilt32 Linux - Security 5 03-28-2005 07:19 AM
/var/log/secure allelopath SUSE / openSUSE 3 02-15-2005 08:56 AM
/var/log/secure dragon Linux - Security 6 12-02-2003 08:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 12:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration