security question about /var/log/secure
Vivek J. Patankar
vivek.patankar at gmail.com
Thu Sep 13 17:47:38 UTC 2007
Gregory Machin wrote:
> remeber to affect the permissions ... and what Connection closed by
> UNKNOWN mean ... does it mean it could not resolve the connection dns
> name ??
I had something of this sort last month. I suggest you go through
/var/log/messages and see if you get messages similar to "pam_tally:
pam_get_uid; no such user UNKNOWN". The messages are exactly one minute
apart. Smells like bot/script activity. The entry above the pam_tally
should tell you where it originated from.
See last months archive for the complete discussion of my case. The
subtect of the thread was NOUSER.
Hope this helps.
--
Regards,
विवेक ज. पाटणकर (Vivek J. Patankar)
Registered Linux User #374218
Fedora release 7 (Moonshine)
Linux 2.6.22.4-65.fc7 x86_64
More information about the fedora-list
mailing list