[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: logcheck

On Thu, 21 Sep 2000, debian-isp@ghost.net.cfw.com wrote:
> Hey Russel and Group,
> Thanks for the continuing discussion.
> > Nobody suing to root is not non-threatening!  Ideally you would have a
> > group wheel or root required for su to root to prevent this.  Currently I
> > haven't as I haven't got the PAM setup for it going yet.
> PAM is acronym for 'password authentication mode' ?
> I know that BSD uses a wheel group that needs to be enacted before a su
> can happen. What means are you considering doing this?

PAM has support for it using pam_wheel.so

> Also, would something be running from cron that does this every morning at
> 6:23 AM? 

As user nobody su'ing to root,  it sounds like cron bulding the slocate 

> Anyone know how I can investigate furthur?

Look in /etc/crontab, /etc/cron.daily, /etc/cron.d

Gerard MacNeil, P. Eng                          macneil@supercity.ns.ca
System Administrator
Supercity Internet Services                     http://www.supercity.ns.ca

Reply to: