Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-23-2005, 09:58 AM   #1
Senior Member
Registered: Mar 2002
Location: Los Angeles, CA
Distribution: Debian, Ubuntu
Posts: 1,334

Rep: Reputation: 51
looking at my auth.log, did I someome get into my machine?

Two lines from my auth.log:

May 22 06:25:01 element04 su[29852]: + ??? root:nobody
May 22 06:25:01 element04 su[29852]: (pam_unix) session opened for user nobody by (uid=0)
What does this mean? Could this be something normal? Is it definitely a hack? What can someone do if they are user "nobody"?

Also, looking at the /etc/passwd file, I notice that nobody has a shell - /bin/sh. There doesn't seem to be a /sbin/nologin on this machine, what can I use instead?

uname -r

running Debian 3.1


Last edited by BrianK; 05-23-2005 at 10:00 AM.
Old 05-23-2005, 10:18 AM   #2
Senior Member
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
This is quite normal on a Debian server. This is a cron function that occurs at 6:25 each day and that is when the server starts a new syslog.

Last edited by TigerOC; 05-23-2005 at 10:21 AM.
Old 05-23-2005, 10:25 AM   #3
Senior Member
Registered: Mar 2002
Location: Los Angeles, CA
Distribution: Debian, Ubuntu
Posts: 1,334

Original Poster
Rep: Reputation: 51
whew. Thanks!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
suspicious entry in /var/log/auth.log buehler Linux - Security 5 04-27-2005 05:11 PM
/var/log/auth.log entries buehler Linux - Security 1 04-23-2005 04:45 PM
weird stuff in /var/log/auth.log bschiett Linux - Security 3 03-12-2005 08:29 AM
Auth log tool Kanon Linux - Networking 2 01-01-2005 03:34 PM
about qmail, how could i get the auth error log? Freewind Linux - Newbie 0 01-24-2004 03:26 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:25 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration