Part of what my linux computer does is run as a firewall/router combination. It's probably not as tightly locked down as it should be, but it's been doing a fine job of it until recently.
Last night, I had to basically unplug the machine, then start it up again. It did. Right afterwards, the linux PC crashed again and has been unstable ever since. This morning, when I was awake, I went and checked out some of the logs located at /var/log. Here're are some samples from auth.log that are confusing me.
Code:
Mar 19 23:17:10 localhost sshd[2885]: Server listening on :: port 22.
Mar 19 23:17:10 localhost sshd[2885]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
***
Mar 19 23:37:03 localhost xdm(pam_unix)[2759]: check pass; user unknown
Mar 19 23:37:03 localhost xdm(pam_unix)[2759]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Mar 19 23:37:10 localhost xdm(pam_unix)[2759]: check pass; user unknown
Mar 19 23:37:10 localhost xdm(pam_unix)[2759]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
***
Mar 20 10:20:15 localhost su(pam_unix)[2008]: session opened for user nobody by (uid=0)
Mar 20 10:20:16 localhost su(pam_unix)[2008]: session closed for user nobody
What do those mean, if anything? Who in the world is user "nobody" (who also seems to be running processes on machine?
I've changed passwords on my name and the root account, but wondering if there's something truly bad going on or if my computer is just a little crazy.
I'm running Mandriva 2006 as a server machine, in case there's any difference.
Please help. Thank you in advance.
