LinuxQuestions.org - I am having trouble understanding my logwatch?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - I am having trouble understanding my logwatch? (https://www.linuxquestions.org/questions/linux-security-4/i-am-having-trouble-understanding-my-logwatch-480541/)

asif2k

09-05-2006 04:37 AM

I am having trouble understanding my logwatch?

I got this message in my logwatch. I don't understand what it means? Can someone help me with this. I see this line in my logwatch.

Quote:
gdm:
Authentication Failures:
rhost= : 1 Time(s)

Unknown Entries:
check pass; user unknown: 1 Time(s)

Authentication Failures:
unknown (60.209.4.35): 6 Time(s)

Invalid Users:
Unknown Account: 6 Time(s)

what is this mean? Is this a known hack? some script kiddy tried but failed? correct me if I am wrong.

thanks in advance :-)

unSpawn

09-05-2006 06:41 PM

It means someone tried to get in but failed (that way). Read your systems logs PAM entries for more details, then check which services you got running and wich ones aren't (properly) firewalled. Running a file integrity check and/or Chkrootkit and/or Rootkit Hunter just in case wouldn't hurt.

All times are GMT -5. The time now is 03:20 PM.