LinuxAnswers - the LQ Linux tutorial section.
Go Back > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.


  Search this Thread
Old 03-20-2006, 08:13 PM   #1
Registered: Sep 2005
Distribution: Mandriva 2007 & Ubuntu Fesity Fawn
Posts: 67

Rep: Reputation: 15
Strange Logs or Not?

Part of what my linux computer does is run as a firewall/router combination. It's probably not as tightly locked down as it should be, but it's been doing a fine job of it until recently.

Last night, I had to basically unplug the machine, then start it up again. It did. Right afterwards, the linux PC crashed again and has been unstable ever since. This morning, when I was awake, I went and checked out some of the logs located at /var/log. Here're are some samples from auth.log that are confusing me.
Mar 19 23:17:10 localhost sshd[2885]: Server listening on :: port 22.
Mar 19 23:17:10 localhost sshd[2885]: error: Bind to port 22 on failed: Address already in use.


Mar 19 23:37:03 localhost xdm(pam_unix)[2759]: check pass; user unknown
Mar 19 23:37:03 localhost xdm(pam_unix)[2759]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= 
Mar 19 23:37:10 localhost xdm(pam_unix)[2759]: check pass; user unknown
Mar 19 23:37:10 localhost xdm(pam_unix)[2759]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= 


Mar 20 10:20:15 localhost su(pam_unix)[2008]: session opened for user nobody by (uid=0)
Mar 20 10:20:16 localhost su(pam_unix)[2008]: session closed for user nobody
What do those mean, if anything? Who in the world is user "nobody" (who also seems to be running processes on machine?

I've changed passwords on my name and the root account, but wondering if there's something truly bad going on or if my computer is just a little crazy.

I'm running Mandriva 2006 as a server machine, in case there's any difference.

Please help. Thank you in advance.

Last edited by sleepykit; 03-20-2006 at 08:15 PM.
Old 03-21-2006, 12:06 PM   #2
tur third
Registered: Jun 2005
Location: Surrey, UK
Distribution: Ubuntu 10.04, 10.10
Posts: 187

Rep: Reputation: 24
I am not able to interpret your log, however after a recent nasty problem with my Windows ME pc I read about and used a site called 'shields up'. This attempts to scan your ports to look for any weaknesses.

It might be an idea to use this to see whether you have a port that is vunerable. Google for the site or use the link. shields up


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
HELP ! very strange apache logs ! qwijibow Linux - Security 2 09-15-2004 10:24 PM
Strange FTP logs dominant Linux - Security 1 08-24-2004 01:46 AM
Strange Apache LOGs... TheIrish Linux - Security 3 02-10-2004 01:15 PM
strange logs NSKL Slackware 2 10-24-2003 05:10 AM
new stuff in web logs, strange Robert0380 Linux - Security 1 09-27-2003 05:33 AM

All times are GMT -5. The time now is 06:37 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration