[NTLUG:Discuss] compromised?
Fred
fredstevens at yahoo.com
Wed May 31 14:36:31 CDT 2006
I found these entries in the system log:
May 31 04:15:48 main su: (to nobody) root on none
May 31 04:15:48 main su: pam_unix2: session started for user nobody, service su
May 31 04:15:48 main su: pam_unix2: session finished for user nobody, service su
May 31 04:15:48 main su: (to nobody) root on none
May 31 04:15:48 main su: pam_unix2: session started for user nobody, service su
May 31 04:15:52 main su: pam_unix2: session finished for user nobody, service su
May 31 04:15:52 main su: (to nobody) root on none
May 31 04:15:52 main su: pam_unix2: session started for user nobody, service su
May 31 04:15:52 main su: pam_unix2: session finished for user nobody, service su
May 31 04:15:52 main su: (to nobody) root on none
May 31 04:15:52 main su: pam_unix2: session started for user nobody, service su
May 31 04:21:03 main su: pam_unix2: session finished for user nobody, service su
To say that I am worried is an understatement. That 5 minute long session at
the end bothers me most. I cannot find any evidence of any problems... AV,
chkrootkit, rkhunter all come back negative.
What can cause this other than a breach?