
Re: compromised machine?



Alessandro A. wrote:
Today I saw this in the logs and I can't work out exactly what happened:

This email is sent by logcheck. If you wish to no-longer receive it,
you can either deinstall the logcheck package or modify its
configuration file (/etc/logcheck/logcheck.conf).

System Events
=-=-=-=-=-=-=
Aug 30 06:02:03 terra CRON[4979]: (pam_unix) session closed for user logcheck
Aug 30 06:09:01 terra CRON[5062]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:09:01 terra CRON[5062]: (pam_unix) session closed for user root
Aug 30 06:17:01 terra CRON[5070]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:17:01 terra CRON[5070]: (pam_unix) session closed for user root
Aug 30 06:25:01 terra CRON[5074]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:25:02 terra su[5103]: Successful su for nobody by root
Aug 30 06:25:02 terra su[5103]: + ??? root:nobody
Aug 30 06:25:02 terra su[5103]: (pam_unix) session opened for user nobody by (uid=0)
Aug 30 06:25:02 terra su[5103]: (pam_unix) session closed for user nobody
Aug 30 06:25:02 terra su[5107]: Successful su for nobody by root
Aug 30 06:25:02 terra su[5107]: + ??? root:nobody
Aug 30 06:25:02 terra su[5107]: (pam_unix) session opened for user nobody by (uid=0)
Aug 30 06:25:02 terra su[5107]: (pam_unix) session closed for user nobody
Aug 30 06:25:02 terra su[5109]: Successful su for nobody by root
Aug 30 06:25:02 terra su[5109]: + ??? root:nobody
Aug 30 06:25:02 terra su[5109]: (pam_unix) session opened for user nobody by (uid=0)
Aug 30 06:25:52 terra su[5109]: (pam_unix) session closed for user nobody
Aug 30 06:26:00 terra CRON[5074]: (pam_unix) session closed for user root
Aug 30 06:39:01 terra CRON[5220]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:39:01 terra CRON[5220]: (pam_unix) session closed for user root
Aug 30 07:02:01 terra CRON[5228]: (pam_unix) session opened for user logcheck by (uid=0)

but did the user nobody manage to log in?





Everything is fine, don't worry.
For a better explanation you can see:

http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s-vulnerable-system

Specifically, paragraph 12.2.4.

Gianluca

--
echo aculnaiG | awk 'BEGIN { FS = "" }
{ for (i = NF; i >= 1; i-- )
  printf $i }'; echo
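
An added example, not part of the original thread: one way to triage `su` entries in a log like the one quoted above is to check that each was invoked by root while a root CRON session was open. The function name `triage_su` and the final sample line are assumptions made for illustration; the check goes by line order only and does not establish which process actually started `su`.

```python
import re

# Subset of the log lines quoted in the thread.
THREAD_LOG = """\
Aug 30 06:17:01 terra CRON[5070]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:17:01 terra CRON[5070]: (pam_unix) session closed for user root
Aug 30 06:25:01 terra CRON[5074]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:25:02 terra su[5103]: Successful su for nobody by root
Aug 30 06:25:02 terra su[5107]: Successful su for nobody by root
Aug 30 06:25:02 terra su[5109]: Successful su for nobody by root
Aug 30 06:26:00 terra CRON[5074]: (pam_unix) session closed for user root
Aug 30 06:39:01 terra CRON[5220]: (pam_unix) session opened for user root by (uid=0)
Aug 30 06:39:01 terra CRON[5220]: (pam_unix) session closed for user root
"""
# Constructed line (not from the thread): an su with no cron session open.
CONSTRUCTED = "Aug 30 06:40:12 terra su[5301]: Successful su for nobody by root\n"

# Classic syslog layout: "Mon DD HH:MM:SS host prog[pid]: message"
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ (\w+)\[(\d+)\]: (.*)$")
SU_OK = re.compile(r"Successful su for (\S+) by (\S+)")

def triage_su(log_text):
    """Return [(timestamp, su_pid, target_user, verdict)] per successful su.

    verdict is 'cron-window' when root ran su while a root CRON session was
    open (judged by line order), otherwise 'review'.
    """
    open_cron = set()  # PIDs of root CRON sessions currently open
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip report headers and unparseable lines
        ts, prog, pid, msg = m.groups()
        if prog == "CRON" and "session opened for user root" in msg:
            open_cron.add(pid)
        elif prog == "CRON" and "session closed for user root" in msg:
            open_cron.discard(pid)
        elif prog == "su":
            s = SU_OK.search(msg)
            if s:
                target, invoker = s.groups()
                ok = invoker == "root" and bool(open_cron)
                results.append((ts, pid, target, "cron-window" if ok else "review"))
    return results

if __name__ == "__main__":
    for row in triage_su(THREAD_LOG + CONSTRUCTED):
        print(*row)
```

Entries marked `review` are the ones to follow up by hand, for example by comparing their timestamps against the system's cron schedule.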


