LogWatch

Michael Yep myep at remotelink.com
Mon Jul 12 21:57:18 UTC 2004


Actually, winston is one of my usernames, so we don't need to worry about that.
I just wondered what "pam_succeed_if: requirement "uid < 100" not met by user" meant.

The bind is referring to the port / socket, I am sure. Here is /var/log/secure:

Jul 11 10:26:52 localhost sshd[3375]: Received signal 15; terminating.
Jul 11 20:51:00 localhost sshd[3374]: Server listening on :: port 22.
Jul 11 20:51:00 localhost sshd[3374]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Jul 11 20:51:23 localhost xinetd[3389]: START: sgi_fam pid=3909 from=<no address>
Jul 11 21:36:20 localhost sshd[4407]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
Jul 11 21:36:20 localhost sshd[4407]: Accepted password for winston from ::ffff:192.168.1.101 port 1026 ssh2
Jul 11 21:36:20 localhost sshd[4409]: subsystem request for sftp
Jul 11 21:56:35 localhost sshd[4409]: Received disconnect from ::ffff:192.168.1.101: 11: Disconnect requested by Windows SSH Client.
Jul 12 01:41:40 localhost userhelper[4502]: running '/sbin/reboot' with root privileges on behalf of 'root'
Jul 12 01:41:44 localhost sshd[3374]: Received signal 15; terminating.


At 04:42 PM 7/12/2004, you wrote:
>On Mon, 2004-07-12 at 14:48, Michael Yep wrote:
> > Hello All,
> >
> > There have been a few things in my LogWatch report that I do not
> > understand, and one that seems critical to me
> >
> > Given the following excerpt :
> >
> > **Unmatched Entries**
> > open(/dev/pts/0): No such file or directory
> > open(/dev/pts/0): No such file or directory
> >
> > WARNING:  Kernel Errors Present
> >     vesafb: probe of vesafb0 failed with error -6...:  1 Time(s)
> >
> > Errors running install command:
> >     sound_slot_1  : 4 Time(s)
> >
> > Connections:
> >     Service sgi_fam:
> >        <no address>: 2 Time(s)
> >
> > **Unmatched Entries**
> > gdm[3792]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
> >
> > **Unmatched Entries**
> >     STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file or directory: 1 Time(s)
> >
> > Failed to bind:
> >     0.0.0.0 port 22 (Address already in use) : 1 Time(s)
> >
> > **Unmatched Entries**
> > pam_succeed_if: requirement "uid < 100" not met by user "winston"
> > pam_succeed_if: requirement "uid < 100" not met by user "winston"
> > pam_succeed_if: requirement "uid < 100" not met by user "winston"
> > pam_succeed_if: requirement "uid < 100" not met by user "winston"
> > pam_succeed_if: requirement "uid < 100" not met by user "winston"
> >
> >
> > The main thing I wondered about is "0.0.0.0 port 22 (Address already in
> > use) : 1 Time(s)"
> > Is my sshd compromised ?
> >
> >
>
>With the data globbed it is hard to say.
>
>The ones that I don't care for is the "Failed to bind"
>bind can be either a bash builtin such as bind keystrokes to a
>macro (man 1 bind)
>or bind a socket to a local address (man 5 bind)
>sgi_fam (fam is the file alteration monitor)
>
>pts read pseudo-terminal master slave (man 4 pts)
>
>A Google of the winston indicates that this is an Atari game emulator.
>
>vesafb is a video frame buffer issue.
>sound_slot_1 (probably sound card missing or misconfigured )
>
>What does /var/log/secure contain?
>
>As far as ssh it can be bound to a specific IP address (see man 8 sshd,
>man 5 hosts_access)
>--
>
>jludwig <wralphie at comcast.net>
>
>

Michael Yep
Development / Technical Operations
RemoteLink, Inc.
(630) 983-0072 x164
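
An added example, not part of the original thread: a triage sketch for the "Failed to bind" entry that pairs each sshd bind failure with what the same sshd PID logged just before it. The function name, verdict labels and the final sample line (PID 5000) are hypothetical; the sample log is constructed from the /var/log/secure excerpt above.

```python
import re
from collections import defaultdict

# Constructed sample: first three lines follow the excerpt in the message,
# the last line (pid 5000) is invented to show the contrasting case.
SAMPLE = """\
Jul 11 20:51:00 localhost sshd[3374]: Server listening on :: port 22.
Jul 11 20:51:00 localhost sshd[3374]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Jul 11 21:36:20 localhost sshd[4407]: Accepted password for winston from ::ffff:192.168.1.101 port 1026 ssh2
Jul 12 09:00:00 localhost sshd[5000]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
"""

LISTEN = re.compile(r"sshd\[(\d+)\]: Server listening on (\S+) port (\d+)\.")
BINDFAIL = re.compile(
    r"sshd\[(\d+)\]: error: Bind to port (\d+) on (\S+) failed: Address already in use"
)

def triage_bind_failures(log_text):
    """Return (pid, port, addr, verdict) for every sshd bind failure."""
    listening = defaultdict(set)  # (pid, port) -> addresses already bound
    findings = []
    for line in log_text.splitlines():
        m = LISTEN.search(line)
        if m:
            pid, addr, port = m.groups()
            listening[(pid, port)].add(addr)
            continue
        m = BINDFAIL.search(line)
        if m:
            pid, port, addr = m.groups()
            # On Linux an IPv6 wildcard socket (::) without IPV6_V6ONLY also
            # accepts IPv4, so the same daemon's later 0.0.0.0 bind collides
            # with its own listener. The ::ffff:a.b.c.d client addresses in
            # the log are the visible sign of that dual-stack socket.
            if addr == "0.0.0.0" and "::" in listening[(pid, port)]:
                verdict = "dual-stack-overlap"
            else:
                # No earlier listener from this PID: another process holds it.
                verdict = "port-held-by-other-process"
            findings.append((pid, port, addr, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage_bind_failures(SAMPLE):
        print(*finding)
```

For a "port-held-by-other-process" result, `netstat -tlnp` or `ss -ltnp` run as root shows which process owns the listening socket.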




