Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
09-14-2005, 11:26 AM #1
Member
Registered: Aug 2003
Location: Boise, idaho
Distribution: Red Hat, Fedora, Debian, BSD, CentOS, Ubuntu
Posts: 44
mail server question
Hi all,
I have a question. I've just been given the job of managing our mail server running RHE3 with Qmail and SquirrelMail. Recently I've been receiving entries in my logs that look like this:
**Unmatched Entries**
xinetd[2154]: START: sgi_fam pid=9160 from=<no address>
xinetd[2154]: START: sgi_fam pid=10234 from=<no address>
xinetd[2154]: START: sgi_fam pid=11281 from=<no address>
xinetd[2154]: START: sgi_fam pid=12315 from=<no address>
xinetd[2154]: START: sgi_fam pid=13213 from=<no address>
xinetd[2154]: START: sgi_fam pid=14287 from=<no address>
xinetd[2154]: START: sgi_fam pid=15195 from=<no address>
xinetd[2154]: START: sgi_fam pid=16411 from=<no address>
xinetd[2154]: START: sgi_fam pid=17533 from=<no address>
xinetd[2154]: START: sgi_fam pid=18420 from=<no address>
xinetd[2154]: START: sgi_fam pid=18449 from=<no address>
xinetd[2154]: START: sgi_fam pid=18492 from=<no address>
xinetd[2154]: START: sgi_fam pid=18520 from=<no address>
xinetd[2154]: START: sgi_fam pid=18551 from=<no address>
xinetd[2154]: START: sgi_fam pid=18608 from=<no address>
xinetd[2154]: START: sgi_fam pid=19625 from=<no address>
xinetd[2154]: START: sgi_fam pid=20944 from=<no address>
xinetd[2154]: START: sgi_fam pid=22467 from=<no address>
xinetd[2154]: START: sgi_fam pid=23762 from=<no address>
xinetd[2154]: START: sgi_fam pid=24716 from=<no address>
xinetd[2154]: START: sgi_fam pid=25628 from=<no address>
xinetd[2154]: START: sgi_fam pid=27111 from=<no address>
I get several hundred in my logs every day. Is this someone trying to hack my server, or am I looking at something else? Thanks for the help.
09-14-2005, 12:24 PM #2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
don't worry, it's not a security issue
i think you are looking at something else...
maybe you could disable your fam daemon (if you don't need it)??
http://oss.sgi.com/projects/fam/index.html
from what little i've googled it seems you could also try adding a "flags = NOLIBWRAP" option to your /etc/xinet.d/sgi_fam file:
https://bugzilla.redhat.com/bugzilla....cgi?id=119918
for more info about this: http://www.google.com/linux?&q=flags+nolibwrap
but i might be trippin', though... maybe the nolibwrap thing isn't what you want... either way, i'm sure there's a way to configure either xinetd or fam so as that your logs don't get cluttered... please post the solution if you find it so that others with the same issue can benefit from it...
just my  ...
Last edited by win32sux; 09-14-2005 at 12:43 PM.
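One way to check the original question against the log itself is to count the xinetd START entries per service and source, so that any entry carrying a real peer address stands out from the `<no address>` ones. This is an added example, not code from anyone in the thread; the function names, the syslog prefix (timestamp and hostname `mail`) and the `example_svc` / `192.0.2.10` line are constructed for illustration.

```shell
#!/bin/sh
# Summarise xinetd "START:" entries by service and peer address.

xinetd_start_summary() {
    # Reads syslog text on stdin.
    # Prints "<count>\t<service>\t<source>", busiest first.
    awk '
        /xinetd\[[0-9]+\]: START: / {
            # rest looks like: "svc pid=N from=SRC"
            rest = substr($0, index($0, "START: ") + 7)
            split(rest, f, " ")
            svc = f[1]
            # The source can contain a space ("<no address>"),
            # so take everything after "from=" to end of line.
            p = index(rest, "from=")
            src = (p > 0) ? substr(rest, p + 5) : ""
            sub(/[ \t\r]+$/, "", src)
            count[svc "\t" src]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

xinetd_addressed_starts() {
    # Keep only the rows where xinetd logged an actual peer address.
    xinetd_start_summary | awk -F '\t' '$3 != "" && $3 != "<no address>"'
}

sample_log() {
    # Constructed sample: sgi_fam entries in the form posted above,
    # plus one constructed entry that carries a peer address.
    cat <<'EOF'
Sep 14 04:02:11 mail xinetd[2154]: START: sgi_fam pid=9160 from=<no address>
Sep 14 04:07:42 mail xinetd[2154]: START: sgi_fam pid=10234 from=<no address>
Sep 14 04:09:03 mail xinetd[2154]: START: example_svc pid=10301 from=192.0.2.10
Sep 14 04:13:20 mail xinetd[2154]: START: sgi_fam pid=11281 from=<no address>
Sep 14 04:13:21 mail sshd[11290]: unrelated line that must be ignored
EOF
}

echo "All START entries:"
sample_log | xinetd_start_summary
echo "START entries with a peer address:"
sample_log | xinetd_addressed_starts
```

On a live system, feed it the syslog file that receives xinetd messages, for example `xinetd_start_summary < /var/log/messages` (the path is an assumption and depends on the syslog configuration).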
09-14-2005, 02:05 PM #3
Member
Registered: Aug 2003
Location: Boise, idaho
Distribution: Red Hat, Fedora, Debian, BSD, CentOS, Ubuntu
Posts: 44
Original Poster
not sure if i do need it but I'm trying the "flags = NOLIBWRAP" and will see what happens in the morning when I get my logs. I will let you know.
All times are GMT -5.