qwertyjjj 09-16-2009 06:22 PM

new group appeared in logwatch
 
I had a new group appear in my logwatch today and a report saying SSHD had been killed and restarted. Would an update cause that?

Code:


 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Thu Sep 17 00:00:06 2009
        Date Range Processed: yesterday
                              ( 2009-Sep-16 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
          Logfiles for Host: localhost.localdomain
  ##################################################################
 
 --------------------- httpd Begin ------------------------

 Requests with error response codes
    400 Bad Request
      /w00tw00t.at.ISC.SANS.DFind:): 11 Time(s)
    401 Unauthorized
      /sarg/: 1 Time(s)
    404 Not Found
      /favicon.ico: 2 Time(s)
      http://proxyjudge2.proxyfire.net/fastenv: 1 Time(s)
      http://www.freestuffto.net/prx1.php?hash=F ... A642DA8BFCE4FDB: 2 Time(s)
      http://www.wantsfly.com/prx.php?hash=DAA19 ... A642DA8BFCE4FDB: 3 Time(s)
 
 ---------------------- httpd End -------------------------

 
 --------------------- postfix Begin ------------------------

 
 
 270506 bytes transferred
 320 messages sent
 310 messages removed from queue
 
 Connections lost:
    Connection lost while receiving the initial server greeting : 19 Time(s)
 
 ---------------------- postfix End -------------------------

 
 --------------------- Connections (secure-log) Begin ------------------------

 New Groups:
    ecryptfs (101)
 
 
 Userhelper executed applications:
    root -> chkrootkit.sh as root:  1 Time(s)
 
 ---------------------- Connections (secure-log) End -------------------------

 
 --------------------- SSHD Begin ------------------------

 
 SSHD Killed: 1 Time(s)
 
 SSHD Started: 1 Time(s)
 
 ---------------------- SSHD End -------------------------

 
 --------------------- yum Begin ------------------------

 
 Packages Installed:
    keyutils-1.2-1.el5.i386
    kernel-2.6.18-164.el5.i686
    trousers-0.3.1-4.el5.i386
 
 Packages Updated:
    mysql-server-5.0.77-3.el5.i386
    mysql-5.0.77-3.el5.i386
    ecryptfs-utils-75-5.el5.i386
    openssh-clients-4.3p2-36.el5.i386
    openssh-4.3p2-36.el5.i386
    openssl-0.9.8e-12.el5.i686
    openssh-server-4.3p2-36.el5.i386
    nspr-4.7.5-1.el5_4.i386
    xulrunner-1.9.0.14-1.el5_4.i386
    1:nfs-utils-1.0.9-42.el5.i386
 
 ---------------------- yum End -------------------------

 
 --------------------- Disk Space Begin ------------------------

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5            4.8G  1.3G  3.2G  29% /
 /dev/sda3            4.8G  767M  3.8G  17% /var
 /dev/sda2            216G  212M  205G  1% /home
 /dev/sda1              76M  22M  51M  31% /boot
 
 
 ---------------------- Disk Space End -------------------------

 
 ###################### Logwatch End #########################


chrism01 09-16-2009 06:27 PM

Quote:

ecryptfs-utils-75-5.el5.i386
openssh-clients-4.3p2-36.el5.i386
openssh-4.3p2-36.el5.i386
openssl-0.9.8e-12.el5.i686
openssh-server-4.3p2-36.el5.i386

All those pkgs are marked updated, so I'd expect/hope sshd would restart; it's a key security tool.

Quote:

New Groups:
ecryptfs (101)


Userhelper executed applications:
root -> chkrootkit.sh as root: 1 Time(s)

You can check the passwd and group files to see if a new group has been created. Also, read the chkrootkit.sh to see what it does.
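
The cross-check made by eye in the reply above can also be scripted. This is an added example, not part of the thread or of logwatch: it parses a report in the format posted above and pairs each new group and each sshd restart with a same-day yum change. The function names, the constructed sample and the name-matching heuristic are assumptions.

```python
import re

# Constructed sample: an excerpt in the shape of the logwatch report posted above.
SAMPLE_REPORT = """\
 --------------------- Connections (secure-log) Begin ------------------------
 New Groups:
    ecryptfs (101)
 ---------------------- Connections (secure-log) End -------------------------
 --------------------- SSHD Begin ------------------------
 SSHD Killed: 1 Time(s)
 SSHD Started: 1 Time(s)
 ---------------------- SSHD End -------------------------
 --------------------- yum Begin ------------------------
 Packages Installed:
    keyutils-1.2-1.el5.i386
 Packages Updated:
    ecryptfs-utils-75-5.el5.i386
    openssh-server-4.3p2-36.el5.i386
    1:nfs-utils-1.0.9-42.el5.i386
 ---------------------- yum End -------------------------
"""

def sections(report):
    """Split a logwatch report into {service name: [non-blank body lines]}."""
    out, name = {}, None
    for line in report.splitlines():
        m = re.match(r"\s*-+ (.+?) (Begin|End) -+\s*$", line)
        if m:
            name = m.group(1) if m.group(2) == "Begin" else None
            if name:
                out[name] = []
        elif name and line.strip():
            out[name].append(line.strip())
    return out

def triage(report):
    """Heuristic: map each new group / sshd restart to yum changes that could explain it."""
    sec = sections(report)
    pkgs = [l for l in sec.get("yum", []) if not l.endswith(":")]
    findings, in_groups = {}, False
    for line in sec.get("Connections (secure-log)", []):
        if line.endswith(":"):
            in_groups = line == "New Groups:"
        elif in_groups:
            group = line.split()[0]
            # Assumption: the package that owns a group carries the group name in its own name.
            findings["group:" + group] = [p for p in pkgs if group in p]
    if any(l.startswith("SSHD Killed") for l in sec.get("SSHD", [])):
        findings["sshd-restart"] = [p for p in pkgs if "openssh-server" in p]
    return findings
```

An empty list for a finding means no package change in the same report explains it, so that event needs a closer look. On the host itself, `getent group ecryptfs` and `rpm -q --scripts ecryptfs-utils` show the group entry and whether the package's install scriptlets create it.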

