Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
11-30-2003, 09:12 PM
|
#1
|
Member
Registered: Feb 2002
Posts: 51
Rep:
|
/var/log/secure
I have a redhat 9 machine running ssh, samba, apache and vsftpd. I checked my /var/log/secure file, couldn't understand the following line:
Nov 20 10:02:24 dragon xinetd[928]: START: sgi_fam pid=15536 from=<no address>
It appears several times, of course with different pid. Is it a security problem?
Thanks
|
|
|
12-01-2003, 12:26 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Nov 20 10:02:24 dragon xinetd[928]: START: sgi_fam pid=15536 from=<no address>
It roughly translates to: "the process named: xinetd (with PID: 928) (issued the command: START) (for xinetd service entry: sgi_fam, running with PID 15536, where the (requesting) address is unknown)"
You probably have a second line in the logs which you didn't post?
Is it a security problem?
To answer this question you should:
I. Check out what the FAM process does and if you need it,
II. Check the superserver's configuration (Xinetd in this case) for the FAM service configuration (/etc/xinetd.d/fam). It is by default restricted to only accept connections from "localhost" aka IP address 127.0.0.1,
III. Check out your /etc/hosts.deny for a line called "ALL: ALL". In cases where you do not need/want to provide services to world, this will be the only uncommented line,
IV. Check out your /etc/hosts.allow, and add the line "sgi_fam: 127.0.0.1" to explicitly allow localhost to access the FAM service,
* If that doesn't fix the problem possible workarounds are to add a "NOLIBWRAP" flag in /etc/xinetd.d/fam and change "local_only" to "true" in /etc/fam.conf.
|
|
|
12-01-2003, 12:58 PM
|
#3
|
Member
Registered: Feb 2002
Posts: 51
Original Poster
Rep:
|
Thanks a lot. BTW, what does FAM service do normally?
|
|
|
12-01-2003, 01:06 PM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
Thanks a lot.
Np.
BTW, what does FAM service do normally?
Here's #1 I asked you to do: Check out what the FAM process does and if you need it. Don't get accused of being "lazy" while the material is right in front of you! (besides *you* should know what's running on *your* box) so please read the manual/man/info page/package description.
|
|
|
12-01-2003, 03:50 PM
|
#5
|
Member
Registered: Feb 2002
Posts: 51
Original Poster
Rep:
|
Thanks again. I checked the time when this happened. It seems that every time turn on the monitor and bring up the login window it takes one record. I know xinetd is the login daemon, but don't know what FAM does here.
Where can I find what FAM does for this?
|
|
|
12-01-2003, 04:46 PM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
How about man fam or using your package manager to see details about the fam package?
|
|
|
12-02-2003, 09:45 AM
|
#7
|
Member
Registered: Feb 2002
Posts: 51
Original Poster
Rep:
|
Thanks, buddy. I found I have sgi_fam service running with xinetd. Everytime I log in, I got that message.
Thanks for your help.
|
|
|
All times are GMT -5. The time now is 02:53 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|