Security question regarding root email
Dotan Cohen
dotancohen at gmail.com
Mon Jan 2 07:37:24 UTC 2006
On 1/1/06, Charles Howse <chowse at charter.net> wrote:
> > I haven't read root's email in about a month. Now that I get around to
> > it, I am surprised to see things that I have never seen before, such
> > as:
> > --------------------- pam_unix Begin ------------------------
> > kde-np:
> > Unknown Entries:
> > session opened for user dotancohen by (uid=0): 1 Time(s)
> > ---------------------- pam_unix End -------------------------
> For the above, I would find out what kde-np is. What little Googling I did
> suggests it's a script that provides auto-login for some other application.
> Might not be anything to worry about.
> You're seeing it here because LogWatch hasn't been told to ignore it.
>
I also do not remember installing kde-np, or ever using it. As it
seems to have to do with login, it MAY be because I logged out and then
back in on that day? Not that I remember doing such.
> > --------------------- Smartd Begin ------------------------
> > **Unmatched Entries**
> > smartd received signal 15: Terminated
> > smartd is exiting (exit status 0)
> > ---------------------- Smartd End -------------------------
> Smartd monitors the SMART status of your drives.
> Looks like LogWatch is just showing you that Smartd was terminated with a
> signal 15 once, and quit cleanly once, possibly on shutdown.
> For more info: $ man smartd
>
I know what Smartd is- that's why I was worried. I have never gotten a
message from it before. The $man calmed me down. I am sorry that I
posted regarding this before consulting the $man.
> > --------------------- httpd Begin ------------------------
> > Requests with error response codes
> > 404 Not Found
> > /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1
> > Time(s)
> > /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1
> > Time(s)
> Can't see the entire lines above, but if your Apache server faces the
> Internet, take the appropriate precautions. It's not so much the 404's you
> want to monitor, it's the stuff that worked...the commands that actually
> executed, know what I mean?
> > /favicon.ico: 32 Time(s)
> Easy, Google for favicon.ico
>
OK, so the 404's are alright- it means that nothing was served. That's
right. They were just checking, I guess. As for the favicon, I know
what that is. I should have snipped that part.
> > --------------------- httpd Begin ------------------------
> > Requests with error response codes
> > 403 Forbidden
> > /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1
> > Time(s)
> > /cgi-bin/awstats/awstats.pl?configdir=|ech ... cho%20YYY;echo|: 1
> > Time(s)
> Someone, or 'somebot', doesn't have permission to access the file indicated.
>
> > These are the most suspicious. If anyone could clarify on them a bit,
> > I would appreciate it. Thank you!
>
> Doesn't look like you have anything to panic about, but you have some
> research to do. :-)
>
> HTH,
> Charles
>
Yes, much research. That's why there's google! Thank you very much.
Dotan Cohen
http://technology-sleuth.com/question/what_is_hdtv.html
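
Added example, not part of the original thread: a small triage script for the point made above, that probe-style requests answered with 404 or 403 matter less than any that were actually served. The log lines, addresses, the `/stats/report.pl` path and the function name `triage` are constructed for illustration, and the pattern is a heuristic built from the markers visible in the LogWatch report (`_REQUEST[` and shell metacharacters in the query string).

```python
import re
from urllib.parse import unquote

# Apache common/combined log format:
# host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Heuristic markers taken from the report in this thread: shell
# metacharacters in the query string and the _REQUEST[...] override.
# A ';' can be a legitimate separator in some applications, so tune this.
PROBE_RE = re.compile(r'[|;`]|_REQUEST\[', re.IGNORECASE)

# Constructed sample lines (documentation address ranges, made-up values).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:03:12:01 +0000] '
    '"GET /cvs/index2.php?_REQUEST[option]=sample HTTP/1.0" 404 290',
    '192.0.2.10 - - [01/Jan/2006:03:12:02 +0000] '
    '"GET /cgi-bin/awstats.pl?configdir=|echo%20SAMPLE| HTTP/1.0" 403 301',
    '198.51.100.7 - - [01/Jan/2006:09:40:11 +0000] '
    '"GET /favicon.ico HTTP/1.1" 404 284',
    '198.51.100.7 - - [01/Jan/2006:09:40:12 +0000] '
    '"GET /index.php?page=2 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2006:11:05:44 +0000] '
    '"GET /stats/report.pl?dir=%7Cecho%20SAMPLE%7C HTTP/1.0" 200 812',
]

def triage(lines):
    """Split probe-like requests into those the server answered
    successfully (2xx/3xx, investigate first) and those it rejected."""
    result = {"served": [], "rejected": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        host, _method, path, status = m.groups()
        query = path.partition("?")[2]
        # Decode %xx first so an encoded pipe (%7C) is still caught.
        if not query or not PROBE_RE.search(unquote(query)):
            continue
        bucket = "served" if status[0] in "23" else "rejected"
        result[bucket].append((host, int(status), path))
    return result

if __name__ == "__main__":
    report = triage(SAMPLE)
    for bucket in ("served", "rejected"):
        print(bucket.upper())
        for host, status, path in report[bucket]:
            print(f"  {status} {host} {path}")
```

Run it against the real access log by passing an open file instead of `SAMPLE`; anything listed under SERVED is where the research should start.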