On Tue, Mar 30, 2004 at 10:55:29PM +0200, Matthijs wrote:
> Since a few days, Logcheck reports a lot of messages like this:
>
> ---------------------------------------------------------------------
> Security Violations for su
> =-=-=-=-=-=-=-=-=-=-=-=-=-
> Mar 30 06:25:02 MyMail su[13083]: (pam_unix) session opened for user nobody by (uid=0)
> ---------------------------------------------------------------------
>
> I've had similar messages for various users for cron and sshd.
>
> Should I be worried? The only way I can read these messages is that
> user 'nobody' has done a 'su' - become root. I don't know what the
> 'pam_unix' part means.
>
> So: does this mean my server has been compromised?
> If not, what does it mean?
> If so, how? How can I find the hole - or should I re-install
> everything?
>
> Thanks,
> --
> Matthijs
> [EMAIL PROTECTED]

//
http://lists.debian.org/debian-user/2003/debian-user-200303/msg00472.htm

kthxbye.
b.
//