LogWatch
jludwig
wralphie at comcast.net
Mon Jul 12 21:42:02 UTC 2004
On Mon, 2004-07-12 at 14:48, Michael Yep wrote:
> Hello All,
>
> There have been a few things in my LogWatch report that I do not
> understand, and one that seems critical to me
>
> Given the following excerpt :
>
> **Unmatched Entries**
> open(/dev/pts/0): No such file or directory
> open(/dev/pts/0): No such file or directory
>
> WARNING: Kernel Errors Present
> vesafb: probe of vesafb0 failed with error -6...: 1 Time(s)
>
> Errors running install command:
> sound_slot_1 : 4 Time(s)
>
> Connections:
> Service sgi_fam:
> <no address>: 2 Time(s)
>
> **Unmatched Entries**
> gdm[3792]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
>
> **Unmatched Entries**
> STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file or
> directory: 1 Time(s)
>
> Failed to bind:
> 0.0.0.0 port 22 (Address already in use) : 1 Time(s)
>
> **Unmatched Entries**
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
>
>
> The main thing I wondered about is "0.0.0.0 port 22 (Address already in
> use) : 1 Time(s)"
> Is my sshd compromised ?
>
>
>
>
> Michael Yep
> Development / Technical Operations
> RemoteLink, Inc.
> (630) 983-0072 x164
With the data globbed it is hard to say.
The ones that I don't care for is the "Failed to bind"
bind can be either a bash builtin such as bind keystrokes to a
macro (man 1 bind)
or bind a socket to a local address (man 5 bind)
sgi_fam (fam is the file alteration monitor)
pts read pseudo-terminal master slave (man 4 pts)
A Google of the winston indicates that this is a Atari game emulator.
vesafb is a video frame buffer issue.
sound_slot_1 (probably sound card missing or misconfigured )
What does /var/log/secure contain?
As far as ssh it can be bound to a specific IP address (see man 8 sshd,
man 5 hosts_access)
--
jludwig <wralphie at comcast.net>
More information about the fedora-list
mailing list