LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   winbind user 'root' granted access (https://www.linuxquestions.org/questions/linux-networking-3/winbind-user-root-granted-access-424469/)

mpapet 03-13-2006 01:29 PM
winbind user 'root' granted access
 
Last week I joined a debian box to my employer's AD domain. It runs snort on the inside only and otherwise keeps daily backups. There's ssh access, but only from my FQDN.

Now, I'm getting pam_winbind user 'root' granted access emails from logcheck at very frequent intervals and even when no one is here.

I doubt the system is compromised, because it started after the winbind/samba install. I'm not an expert though, so I need some other opinions.

Auth.log has the following typical log entry:

Mar 12 07:39:01 intranet pam_winbind[12935]: user 'root' granted access
Mar 12 07:39:01 intranet CRON[12935]: (pam_unix) session opened for user root by (uid=0)
Mar 12 07:39:02 intranet CRON[12935]: (pam_unix) session closed for user root

Any advice would be great.

nixcraft 03-15-2006 02:42 AM
Look like CRON job doing something just login as a root and type command:
crontab -l

To list all cron job and you should get an answer.


All times are GMT -5. The time now is 02:34 PM.