Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
10-26-2006, 01:48 PM
|
#1
|
|
Member
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
Rep: 
|
Strange Repeating Error message in /var/log/message
The error is this:
pam_timestamp_check: pam_timestamp: `/' owner UID != 0
repeated over and over.
I have done this:
# chown root:root '/'
# ls -ld '/'
drwxr-xr-x 25 root root 4096 Oct 25 09:12 /
Yet I see this:
Oct 26 14:36:27 tsm su(pam_unix)[4962]: session closed for user root
Oct 26 14:36:28 tsm pam_timestamp_check: pam_timestamp: `/' owner UID != 0
Oct 26 14:37:00 tsm last message repeated 13 times
Oct 26 14:38:03 tsm last message repeated 25 times
Oct 26 14:39:05 tsm last message repeated 25 times
Oct 26 14:40:08 tsm last message repeated 25 times
Oct 26 14:41:10 tsm last message repeated 25 times
I changed the password of the user that is assuming ownership of '/' but it happens again. This leads me to believe it is some sort of batch process. Anyone seen this before?
|
|
|
|
|
10-26-2006, 02:28 PM
|
#2
|
|
Member
Registered: Jun 2006
Location: Massachusetts
Distribution: Gentoo
Posts: 79
Rep:
|
Try:
This will make sure that the UID and GID are actually 0.
You can take a look in /var/spool/cron/ for jobs that might be doing this. |
|
|
|
|
10-27-2006, 08:29 AM
|
#3
|
|
Member
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
Original Poster
Rep:
|
Additional info.. Looks like selinux is doing it?
Oct 27 03:00:02 tsm kernel: SELinux: initialized (dev cifs, type cifs), uses genfs_con
texts
Oct 27 03:00:30 tsm kernel: SELinux: initialized (dev cifs, type cifs), uses genfs_con
texts
Oct 27 03:00:45 tsm pam_timestamp_check: pam_timestamp: `/' owner UID != 0
Oct 27 03:01:19 tsm last message repeated 13 times
|
|
|
|
All times are GMT -5. The time now is 03:34 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
