Log check reports - what's going on?
Here is an excerpt from the head of my hourly log check report.
It usually just flags the odd authentication failure, quite often my own
mis-spelling of a password or failure to access cdrom etc.
But now I'm getting heaps of the following messages every hour.
What next please?
Bob Parker
This mail is sent by logcheck. If you do not want to receive it any more,
please modify the configuration files in /etc/logcheck or deinstall logcheck.
Possible Security Violations
=-=-=-=-=-=-=-=-=-=
Jul 29 18:53:47 debian inetd[20208]: execv /usr/sbin/tcpd: Permission denied
Jul 29 18:53:48 debian inetd[20209]: execv /usr/sbin/tcpd: Permission denied
Jul 29 18:53:52 debian inetd[20210]: execv /usr/sbin/tcpd: Permission denied
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jul 29 18:02:11 debian pppd[19124]: rcvd [LCP EchoReq id=0x27
magic=0xf37beb2b cb c2 38 96]
Jul 29 18:02:11 debian pppd[19124]: sent [LCP EchoRep id=0x27
magic=0x2cff1c87 cb c2 38 96]
Jul 29 18:02:21 debian pppd[19124]: rcvd [LCP EchoReq id=0x28
magic=0xf37beb2b cb c2 38 96]
Jul 29 18:02:21 debian pppd[19124]: sent [LCP EchoRep id=0x28
magic=0x2cff1c87 cb c2 38 96]
Jul 29 18:02:29 debian pppd[19124]: sent [LCP EchoReq id=0x1b
magic=0x2cff1c87]
Jul 29 18:02:29 debian pppd[19124]: rcvd [LCP EchoRep id=0x1b
magic=0xf37beb2b]
Jul 29 18:02:31 debian pppd[19124]: rcvd [LCP EchoReq id=0x29
magic=0xf37beb2b cb c2 38 96]
Jul 29 18:02:31 debian pppd[19124]: sent [LCP EchoRep id=0x29
magic=0x2cff1c87 cb c2 38 96]
Reply to: