Sergey Zaharchenko <[EMAIL PROTECTED]> wrote: > On Tue, Jan 04, 2005 at 10:06:39AM -0500, > Bill Moran probably wrote: > > > > Over the holiday I replaced a server that appeared to have been cracked. > > Basically built a replacement with the same services in a sandbox, then > > swapped it with the old one. > > > > The new server seems to be secure, as we're not seeing the spam coming > > off it that the old one was generating, however, I'm seeing a lot of > > messages in the log files. For example: > > > > Jan 4 07:15:13 mail su: _secure_path: cannot stat > > /usr/sbin/nologin/.login_conf: Not a directory > > It looks like `/usr/sbin/nologin/' is someone's ``home directory'' and > that someone is trying to su. /usr/sbin/nologin can't be a home > directory, it must be the shell for some user who isn't supposed to log > in. /nonexistent should be the home directory. It looks possible that > your password file specifies /usr/sbin/nologin as a home directory and a > valid shell for some system user. Maybe you omitted or added an extra > `:'? Just a guess,
Thanks for the input, Sergey. That's certainly what's happening. For some reason, certain user records are awry. -- Bill Moran Potential Technologies http://www.potentialtech.com _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
