/var/named
hi.
i took a look at my logfiles and saw the following entry:
Jan 14 09:24:49 desktop groupadd[6563]: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd[6564]: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin
either i added the group nor the user.
/var/named includes following files:
-rw-r--r-- 1 root root 0 14. Jan 15:47 content
drwxrwx--- 2 25 named 4096 18. Okt 23:17 data
-rw-r--r-- 1 25 named 198 26. Aug 00:16 localdomain.zone
-rw-r--r-- 1 25 named 195 26. Aug 00:16 localhost.zone
-rw-r--r-- 1 25 named 415 26. Aug 00:16 named.broadcast
-rw-r--r-- 1 25 named 2518 26. Aug 00:16 named.ca
-rw-r--r-- 1 25 named 432 26. Aug 00:16 named.ip6.local
-rw-r--r-- 1 25 named 433 26. Aug 00:16 named.local
-rw-r--r-- 1 25 named 416 26. Aug 00:16 named.zero
drwxrwx--- 2 25 named 4096 18. Okt 23:17 slaves
i cant see a login-attemp with ssh.
google told me that this has to do with dns, but i couldnt find out why a user and a group has been added and by whom. so maybe someone can tell me, if this is some kind of security-problem.
thank you, grimse
|