My Logfiles have inconsistent times and dates!
So, at first I thought the box was compromised, but nothing has been changed. Looking at the logs I found the following:
Code:
Mar 13 19:02:46 mail2 sshd[1942]: Accepted publickey for root from XXX.XXX.XXX.XXX port 48404 ssh2

As I said prior, this caused me to think we'd been compromised, but I can't find any changes, rootkits, extra users, etc. Any ideas?
For a start I would do the wise thing: configure the ssh to prevent any root login attempts. There simply is no use or sane reason to accept root login through SSH; one can use a regular account to log in and then use su or sudo to do the needed tasks, but it's definitely not wise to let root log in directly.
Can you repeat the date inconsistency, or has it happened before, or is it just this one time?
Only since yesterday, so I'm thinking at this point it's some sort of anomaly.
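To check whether out-of-order entries like the one in this thread are a one-off, a log can be scanned for timestamps that go backwards and for accepted root SSH logins. This is an added example, not part of the original thread; the `audit` function, the sample lines and the 192.0.2.x addresses are constructed for illustration.

```python
import re
from datetime import datetime

# Traditional syslog prefix: "Mar 13 19:02:46 host prog[pid]: message" (no year field).
LINE_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for root from (\S+)")


def audit(lines, year=2000, tolerance_s=0):
    """Return (time_jumps, root_logins) for an iterable of syslog lines.

    time_jumps:  (line_no, previous_ts, current_ts) where the stamp goes backwards
                 by more than tolerance_s seconds relative to the preceding line.
    root_logins: (line_no, auth_method, source) for accepted root SSH logins.
    The year is an assumption because the format omits it; a log that spans
    New Year will show one expected backwards jump at the rollover.
    """
    jumps, roots, prev = [], [], None
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # continuation or malformed line: nothing to compare
        month, day, clock, _host, msg = m.groups()
        ts = datetime.strptime(f"{year} {month} {day} {clock}", "%Y %b %d %H:%M:%S")
        if prev is not None and (prev - ts).total_seconds() > tolerance_s:
            jumps.append((no, prev, ts))
        prev = ts
        r = ROOT_LOGIN_RE.search(msg)
        if r:
            roots.append((no, r.group(1), r.group(2)))
    return jumps, roots


# Constructed sample: the middle entry is stamped earlier than the line before it.
SAMPLE = [
    "Mar 14 09:15:01 mail2 crond[2210]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 13 19:02:46 mail2 sshd[1942]: Accepted publickey for root from 192.0.2.10 port 48404 ssh2",
    "Mar 14 09:16:30 mail2 sshd[2231]: Accepted password for alice from 192.0.2.20 port 51022 ssh2",
]

if __name__ == "__main__":
    jumps, roots = audit(SAMPLE)
    for no, before, now in jumps:
        print(f"line {no}: timestamp went back from {before} to {now}")
    for no, method, src in roots:
        print(f"line {no}: root login accepted via {method} from {src}")
```

A backwards jump that coincides with a clock adjustment points to time synchronisation on the host; one that appears only around specific entries deserves a closer look at how those lines got into the file.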