hi
pls find the log of tail -f /var/log/secure--
Nov 1 10:02:02 mail gdm[3072]: pam_unix(gdm:auth): bad username []
Nov 1 10:02:02 mail gdm[3072]: pam_succeed_if(gdm:auth): error retrieving information about user
Nov 1 10:02:12 mail gdm[3072]: pam_unix(gdm:auth): bad username []
Nov 1 10:02:12 mail gdm[3072]: pam_succeed_if(gdm:auth): error retrieving information about user
Nov 1 10:10:14 mail gdm[3072]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 11:18:30 mail gdm[3072]: pam_unix(gdm:session): session closed for user root
Nov 1 11:24:49 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 11:24:51 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 11:25:48 mail gdm[3060]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 11:26:23 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 1 11:26:23 mail login: ROOT LOGIN ON tty1
Nov 1 12:17:02 mail userhelper[11605]: pam_timestamp(system-install-packages:session): updated timestamp file `/var/run/sudo/root/tty1'
Nov 1 12:17:02 mail userhelper[11608]: running '/usr/sbin/system-install-packages /Resource_given/centos cd/CentOS/tcp_wrappers-7.6-40.6.el5.i386.rpm' with root privileges on behalf of 'root'
Nov 1 12:52:06 mail login: pam_unix(login:session): session closed for user root
Nov 1 12:52:06 mail gdm[3060]: pam_unix(gdm:session): session closed for user root
Nov 1 12:56:47 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 12:56:48 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 12:57:22 mail gdm[3070]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 12:57:43 mail gdm[3070]: pam_unix(gdm:session): session closed for user root
Nov 1 12:58:02 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 1 12:58:02 mail login: ROOT LOGIN ON tty1
Nov 1 12:59:42 mail gdm[3070]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 13:00:43 mail gdm[3070]: pam_unix(gdm:session): session closed for user root
Nov 1 13:01:00 mail gdm[3070]: pam_unix(gdm:session): session opened for user amar by (uid=0)
Nov 1 13:02:30 mail gdm[3070]: pam_unix(gdm:session): session closed for user amar
Nov 1 13:02:55 mail gdm[3070]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 13:08:44 mail gdm[3070]: pam_unix(gdm:session): session closed for user root
Nov 1 13:09:04 mail gdm[3070]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 13:09:20 mail gdm[3070]: pam_unix(gdm:session): session closed for user root
Nov 1 13:14:12 mail login: pam_unix(login:session): session closed for user root
Nov 1 13:18:32 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 13:18:33 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 13:19:06 mail gdm[3045]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 13:19:19 mail gdm[3045]: pam_unix(gdm:session): session closed for user root
Nov 1 13:23:51 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 1 13:23:51 mail login: ROOT LOGIN ON tty1
Nov 1 13:26:45 mail gdm[3045]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 13:26:46 mail gdm[3045]: pam_unix(gdm:session): session closed for user root
Nov 1 13:28:07 mail gdm[3045]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 13:29:07 mail gdm[3045]: pam_unix(gdm:session): session closed for user root
Nov 1 14:02:57 mail useradd[10229]: new group: name=rahul, GID=7802
Nov 1 14:02:57 mail useradd[10229]: new user: name=rahul, UID=7801, GID=7802, home=/home/rahul, shell=/bin/bash
Nov 1 14:03:21 mail passwd: pam_unix(passwd:chauthtok): password changed for rahul
Nov 1 14:03:26 mail su: pam_unix(su:session): session opened for user rahul by root(uid=0)
Nov 1 14:03:38 mail gdm[3045]: pam_unix(gdm:session): session opened for user rahul by (uid=0)
Nov 1 14:03:39 mail gdm[3045]: pam_unix(gdm:session): session closed for user rahul
Nov 1 14:04:31 mail su: pam_unix(su-l:session): session opened for user root by root(uid=7801)
Nov 1 14:04:35 mail userdel[10621]: delete user `rahul'
Nov 1 14:04:35 mail userdel[10621]: removed group `rahul' owned by `rahul'
Nov 1 14:19:01 mail gdm[3045]: pam_unix(gdm:auth): check pass; user unknown
Nov 1 14:19:01 mail gdm[3045]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Nov 1 14:19:01 mail gdm[3045]: pam_succeed_if(gdm:auth): error retrieving information about user rot
Nov 1 14:19:10 mail gdm[3045]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 14:26:39 mail gdm[3045]: pam_unix(gdm:session): session closed for user root
Nov 1 14:30:35 mail gdm[3045]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 14:30:40 mail gdm[3045]: pam_unix(gdm:session): session closed for user root
Nov 1 14:32:43 mail userdel[15064]: delete user `sabayon'
Nov 1 14:32:43 mail userdel[15064]: removed group `sabayon' owned by `sabayon'
Nov 1 14:32:59 mail groupadd[15106]: new group: name=sabayon, GID=86
Nov 1 14:32:59 mail useradd[15110]: new user: name=sabayon, UID=86, GID=86, home=/home/sabayon, shell=/sbin/nologin
Nov 1 14:33:07 mail login: pam_unix(login:session): session closed for user root
Nov 1 14:33:07 mail su: pam_succeed_if(su-l:session): error retrieving information about user 7801
Nov 1 14:33:07 mail su: pam_unix(su-l:session): session closed for user root
Nov 1 14:33:07 mail su: pam_unix(su:session): session closed for user rahul
Nov 1 14:37:33 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 14:37:34 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 14:38:03 mail gdm[3061]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 14:39:56 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 1 14:39:56 mail login: ROOT LOGIN ON tty1
Nov 1 15:22:25 mail usermod[10103]: change user `gdm' shell from `/sbin/nologin' to `/sbin/nologin'
Nov 1 15:22:39 mail gdm[3061]: pam_unix(gdm:session): session closed for user root
Nov 1 15:22:54 mail gdm[10217]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 15:22:57 mail gdm[10217]: pam_unix(gdm:session): session closed for user root
Nov 1 15:24:41 mail login: pam_unix(login:session): session closed for user root
Nov 1 15:29:04 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 15:29:05 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 15:29:34 mail gdm[3060]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 15:29:44 mail gdm[3060]: pam_unix(gdm:session): session closed for user root
Nov 1 15:30:12 mail login: pam_unix(login:session): session opened for user root by (uid=0)
Nov 1 15:30:12 mail login: ROOT LOGIN ON tty1
Nov 1 15:42:17 mail gdm[3060]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=root
Nov 1 15:42:28 mail gdm[3060]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 16:03:19 mail gdm[3060]: pam_unix(gdm:session): session closed for user root
Nov 1 16:03:33 mail gdm[3060]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 16:03:36 mail gdm[3060]: pam_unix(gdm:session): session closed for user root
Nov 1 16:06:16 mail gdm[3060]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 16:07:12 mail login: pam_unix(login:session): session closed for user root
Nov 1 16:07:12 mail gdm[3060]: pam_unix(gdm:session): session closed for user root
Nov 1 16:11:31 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 16:11:33 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 16:16:30 mail gdm[3054]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 16:16:33 mail gdm[3054]: pam_unix(gdm:session): session closed for user root
Nov 1 16:16:51 mail login: pam_unix(login:session): session opened for user root by (uid=0)
Nov 1 16:16:51 mail login: ROOT LOGIN ON tty1
Nov 1 16:26:32 mail gdm[3054]: pam_unix(gdm:session): session opened for user amar by (uid=0)
Nov 1 16:26:34 mail gdm[3054]: pam_unix(gdm:session): session closed for user amar
Nov 1 16:49:48 mail gdm[3054]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 16:49:49 mail gdm[3054]: pam_unix(gdm:session): session closed for user root
Nov 1 17:35:55 mail gdm[3054]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 17:52:18 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 1 17:52:18 mail login: ROOT LOGIN ON tty2
Nov 1 18:28:19 mail login: pam_unix(login:session): session closed for user root
Nov 1 18:29:12 mail login: pam_unix(login:session): session closed for user root
Nov 1 18:29:12 mail gdm[3054]: pam_unix(gdm:session): session closed for user root
Nov 1 18:36:31 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 1 18:36:33 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 1 18:37:01 mail gdm[3051]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 1 18:37:13 mail gdm[3051]: pam_unix(gdm:session): session closed for user root
Nov 1 18:37:33 mail login: pam_unix(login:session): session opened for user root by (uid=0)
Nov 1 18:37:33 mail login: ROOT LOGIN ON tty1
Nov 1 18:58:04 mail login: pam_unix(login:session): session closed for user root
Nov 1 18:58:21 mail gdm[3051]: pam_succeed_if(gdm:auth): error retrieving user name: Conversation error
Nov 1 18:58:25 mail gdm[3051]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=root
Nov 2 10:00:37 mail gdm[3051]: pam_unix(gdm:auth): check pass; user unknown
Nov 2 10:00:37 mail gdm[3051]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Nov 2 10:00:37 mail gdm[3051]: pam_succeed_if(gdm:auth): error retrieving information about user a
Nov 2 10:16:12 mail gdm[3051]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 10:16:15 mail gdm[3051]: pam_unix(gdm:session): session closed for user root
Nov 2 10:44:23 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 2 10:44:23 mail login: ROOT LOGIN ON tty1
Nov 2 10:57:26 mail gdm[3051]: pam_unix(gdm:session): session opened for user amar by (uid=0)
Nov 2 10:57:44 mail gdm[3051]: pam_unix(gdm:session): session closed for user amar
Nov 2 10:59:40 mail usermod[1876]: change user `gdm' shell from `/sbin/nologin' to `/sbin/nologin'
Nov 2 11:00:00 mail gdm[1977]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 11:00:07 mail gdm[1977]: pam_unix(gdm:session): session closed for user root
Nov 2 11:00:30 mail login: pam_unix(login:session): session closed for user root
Nov 2 11:05:10 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 2 11:05:11 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 2 11:05:41 mail gdm[3052]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 12:09:21 mail gdm[3052]: pam_unix(gdm:session): session closed for user root
Nov 2 14:30:39 mail gdm[3052]: pam_unix(gdm:auth): bad username []
Nov 2 14:30:39 mail gdm[3052]: pam_succeed_if(gdm:auth): error retrieving information about user
Nov 2 14:30:55 mail login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Nov 2 14:30:55 mail login: ROOT LOGIN ON tty1
Nov 2 14:37:18 mail gdm[3052]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 17:12:20 mail gdm[3052]: pam_unix(gdm:session): session closed for user root
Nov 2 17:12:35 mail gdm[3052]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 17:12:49 mail gdm[3052]: pam_unix(gdm:session): session closed for user root
Nov 2 17:16:06 mail gdm[3052]: pam_unix(gdm:session): session opened for user amar by (uid=0)
Nov 2 17:16:08 mail gdm[3052]: pam_unix(gdm:session): session closed for user amar
Nov 2 17:19:49 mail gdm[3052]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 17:19:59 mail login: pam_unix(login:session): session closed for user root
Nov 2 17:19:59 mail gdm[3052]: pam_unix(gdm:session): session closed for user root
Nov 2 17:24:22 mail runuser: pam_unix(runuser-l:session): session opened for user uuidd by (uid=0)
Nov 2 17:24:24 mail runuser: pam_unix(runuser-l:session): session closed for user uuidd
Nov 2 17:24:52 mail gdm[3051]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 17:26:48 mail gdm[3051]: pam_unix(gdm:session): session closed for user root
Nov 2 17:27:12 mail login: pam_unix(login:auth): check pass; user unknown
Nov 2 17:27:12 mail login: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=tty2 ruser= rhost=
Nov 2 17:27:12 mail login: pam_succeed_if(login:auth): error retrieving information about user eoor
Nov 2 17:27:14 mail login: FAILED LOGIN 1 FROM (null) FOR eoor, User not known to the underlying authentication module
Nov 2 17:27:19 mail login: pam_unix(login:session): session opened for user root by (uid=0)
Nov 2 17:27:19 mail login: ROOT LOGIN ON tty2
Nov 2 17:28:55 mail gdm[3051]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 17:29:03 mail gdm[3051]: pam_unix(gdm:session): session closed for user root
Nov 2 17:29:28 mail login: pam_unix(login:session): session opened for user root by (uid=0)
Nov 2 17:29:28 mail login: ROOT LOGIN ON tty1
Nov 2 17:31:06 mail gdm[3051]: pam_unix(gdm:session): session opened for user root by (uid=0)
Nov 2 17:31:14 mail gdm[3051]: pam_unix(gdm:session): session closed for user root
Nov 2 17:46:36 mail su: pam_unix(su:session): session opened for user amar by root(uid=0)
Nov 2 17:47:08 mail su: pam_unix(su-l:session): session opened for user root by root(uid=7798)
thanks in advance
|