Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-14-2005, 09:57 AM   #1
Registered: Oct 2004
Location: Oldenburg, Germany
Distribution: FC4
Posts: 42

Rep: Reputation: 15

i took a look at my logfiles and saw the following entry:

Jan 14 09:24:49 desktop groupadd[6563]: new group: name=named, gid=25
Jan 14 09:24:49 desktop useradd[6564]: new user: name=named, uid=25, gid=25, home=/var/named, shell=/sbin/nologin

either i added the group nor the user.

/var/named includes following files:

-rw-r--r-- 1 root root 0 14. Jan 15:47 content
drwxrwx--- 2 25 named 4096 18. Okt 23:17 data
-rw-r--r-- 1 25 named 198 26. Aug 00:16
-rw-r--r-- 1 25 named 195 26. Aug 00:16
-rw-r--r-- 1 25 named 415 26. Aug 00:16 named.broadcast
-rw-r--r-- 1 25 named 2518 26. Aug 00:16
-rw-r--r-- 1 25 named 432 26. Aug 00:16 named.ip6.local
-rw-r--r-- 1 25 named 433 26. Aug 00:16 named.local
-rw-r--r-- 1 25 named 416 26. Aug 00:16
drwxrwx--- 2 25 named 4096 18. Okt 23:17 slaves

i cant see a login-attemp with ssh.

google told me that this has to do with dns, but i couldnt find out why a user and a group has been added and by whom. so maybe someone can tell me, if this is some kind of security-problem.

thank you, grimse
Old 01-15-2005, 12:22 AM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Named is a standard system user on several linux distros (including Fedora). The /var/named directory and its contents are standard too. Not sure why it was suddenly added, but I'd guess as part of an update (up2date or Yum) or something you installed recently. Also note that the shell /sbin/nologin prevents that user from directly logging into the system. Doesn't appear to be anything malicious, but you might want to look into any recent updates or installs and see if the user creation time in /var/log/messages coincides with anything else.
Old 01-15-2005, 07:23 AM   #3
Registered: Oct 2004
Location: Oldenburg, Germany
Distribution: FC4
Posts: 42

Original Poster
Rep: Reputation: 15
thank you for your help


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving /var/adm and /var/lib - why does it hurt? J_Szucs Linux - General 1 09-15-2004 07:46 PM
named -u named at startup zzero Linux - Newbie 4 03-16-2004 01:08 AM
cannot find named.conf and /var/named kaushikma Red Hat 1 02-07-2004 01:49 PM
a green-colored file name in the /var/named directory rioguia Linux - Newbie 2 10-16-2003 09:06 AM
Virtual Host type, named or IP via SSL? Named VH is not possible? piratebiter Linux - Security 3 08-20-2003 06:27 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:09 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration