| > most notably the 'unmatched entries' in things like sendmail,
| > proftpd and sshd are bothering me.
|
| Then logwatch is probably not what you want, disable it if you like

i didn't mean 'bothering me' in the sense that i wish they would go away.
i'm just concerned when i get strange messages that i don't understand. like
"g68JKQpm001168:....".  to a newbie eye, this looks like an attempted hack.

i know how to configure/compile apache, bind, samba and proftpd, but the
output i receive from them is still greek to me and i keep thinking that my
box has been hacked because i still don't understand so much.

i guess what i'm saying here is that there's a need for something out there
that will plainly explain if i should worry about the message i get...
kinda like sshd's  "[cryptic message] - don't panic".  does such software
exist?  or at least a simple document that can get newbie sysadmins like me
on the right track?

thanks for the info people.



----- Original Message -----
Sent: Thursday, July 11, 2002 9:48 AM
Subject: RE: logwatch message that i don't understand


| > i got this in my logwatch email to root the other day:
|
| > g68JKQpm001168: Authentication-Warning: mydomain.com: myuser owned process doing -bs
|
| > what's a -bs?
|
| a sendmail commandline parameter used by programs like pine to send mail.
| If the sender is not a trusted user this warning is written to the logs.
|
| > is it bad?
|
| no, just a warning.
|
| > is there a faq out there that can fill me in on all of this?
|
| not that I'm aware of, I use google when in doubt about something like
| this.
|
| > most notably the 'unmatched entries' in things like sendmail,
| > proftpd and sshd are bothering me.
|
| Then logwatch is probably not what you want, disable it if you like
|
| > that and the fact that i'm getting tonnes of attempted anonymous ftp
| > connections when i don't support anonymous ftp and to my knowledge,
| > i'm not advertising the fact that i'm running an ftp server anywhere.
|
| welcome to the internet where portscans are a common thing and every open
| Port 21 is visited by people trying to figure out if your ftp server is
| usable for warez trading.
|
| Disable ftp or live with it. There is not much you can do against it.
|
|
|
| _______________________________________________
| Redhat-list mailing list
| [EMAIL PROTECTED]
| https://listman.redhat.com/mailman/listinfo/redhat-list
|
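
Added example, not part of the original thread or of logwatch: a small Python triage that turns the sendmail Authentication-Warning quoted above into a plain-language explanation. It also covers the related "set sender ... using -f" warning, which the thread does not mention; the expected-sender list, the function name and all sample lines except the first are assumptions.

```python
import re

# Shape taken from the line quoted in the thread:
#   <queue-id>: Authentication-Warning: <host>: <user> owned process doing -bs
# The "set sender to ... using -f" form is a second warning of the same family.
WARNING = re.compile(
    r"(?P<qid>[A-Za-z0-9]+): Authentication-Warning: (?P<host>\S+): (?P<user>\S+) "
    r"(?:owned process doing (?P<flag>-\S+)|set sender to (?P<sender>\S+) using -f)"
)

# Assumption: accounts on this box that are expected to send mail with a local client.
EXPECTED_SENDERS = {"myuser"}


def explain(line, expected=EXPECTED_SENDERS):
    """Return (verdict, text); verdict is 'ok', 'review' or 'unmatched'."""
    m = WARNING.search(line)
    if m is None:
        return ("unmatched", "not an Authentication-Warning; read it by hand")
    user, qid = m["user"], m["qid"]
    if m["flag"] == "-bs":
        what = f"{user} ran sendmail -bs (SMTP over stdin, as mail clients like pine do)"
    elif m["flag"]:
        what = f"{user} ran sendmail with {m['flag']}"
    else:
        what = f"{user} set the envelope sender to {m['sender']} with -f"
    if user in expected:
        return ("ok", f"[{qid}] {what}; expected local sender")
    return ("review", f"[{qid}] {what}; account not on the expected-sender list")


# Constructed sample lines (the first mirrors the one quoted in the thread).
SAMPLE = [
    "g68JKQpm001168: Authentication-Warning: mydomain.com: myuser owned process doing -bs",
    "g68JKQpm001169: Authentication-Warning: mydomain.com: nobody owned process doing -bs",
    "g68JKQpm001170: Authentication-Warning: mydomain.com: myuser set sender to list@example.org using -f",
    "g68JKQpm001171: from=<a@example.org>, size=512, nrcpt=1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(*explain(line), sep=": ")
```
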


