[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Q] intrusion



Hello,
I found on my machine the following message one morning:

PAM_UNIX[763]: (su) session opened for user www-data by (uid=0)
su [821]: + ??? root-nobody

PAM_UNIX[821]: (su) session opened for user nobody by (uid=0)


This is the first time it happened and since then I upgraded
to the latest unstable by 'apt-get dselect-upgrade'

Unfortunately, I do not know enough to interpret
the messages above and what happened.  I would like
to know if people on this list can help me to configure
my system so at least this type of attack does not happen
anymore (I do assume that it is an intrusion attack,
unless there is a much simpler explanation for this).

Thanks in advance,
Vladislav

Debian latest unstable/i386/SMP



Reply to: