Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Nov 20 10:02:24 dragon xinetd[928]: START: sgi_fam pid=15536 from=<no address>
It roughly translates to: "the process named: xinetd (with PID: 928) (issued the command: START) (for xinetd service entry: sgi_fam, running with PID 15536, where the (requesting) address is unknown)"
You probably have a second line in the logs which you didn't post?
Is it a security problem?
To answer this question you should:
I. Check out what the FAM process does and if you need it,
II. Check the superserver's configuration (Xinetd in this case) for the FAM service configuration (/etc/xinetd.d/fam). It is by default restricted to only accept connections from "localhost" aka IP address 127.0.0.1,
III. Check out your /etc/hosts.deny for a line called "ALL: ALL". In cases where you do not need/want to provide services to world, this will be the only uncommented line,
IV. Check out your /etc/hosts.allow, and add the line "sgi_fam: 127.0.0.1" to explicitly allow localhost to access the FAM service,
* If that doesn't fix the problem possible workarounds are to add a "NOLIBWRAP" flag in /etc/xinetd.d/fam and change "local_only" to "true" in /etc/fam.conf.
BTW, what does FAM service do normally?
Here's #1 I asked you to do: Check out what the FAM process does and if you need it. Don't get accused of being "lazy" while the material is right in front of you! (besides *you* should know what's running on *your* box) so please read the manual/man/info page/package description.
Thanks again. I checked the time when this happened. It seems that every time turn on the monitor and bring up the login window it takes one record. I know xinetd is the login daemon, but don't know what FAM does here.
Where can I find what FAM does for this?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
