LogWatch

jludwig wralphie at comcast.net
Mon Jul 12 21:42:02 UTC 2004 

On Mon, 2004-07-12 at 14:48, Michael Yep wrote:
> Hello All,
> 
> There have been a few things in my LogWatch report that I do not 
> understand, and one that seems critical to me
> 
> Given the following excerpt :
> 
> **Unmatched Entries**
> open(/dev/pts/0): No such file or directory
> open(/dev/pts/0): No such file or directory
> 
> WARNING:  Kernel Errors Present
>     vesafb: probe of vesafb0 failed with error -6...:  1 Time(s)
> 
> Errors running install command:
>     sound_slot_1  : 4 Time(s)
> 
> Connections:
>     Service sgi_fam:
>        <no address>: 2 Time(s)
> 
> **Unmatched Entries**
> gdm[3792]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
> 
> **Unmatched Entries**
>     STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file or 
> directory: 1 Time(s)
> 
> Failed to bind:
>     0.0.0.0 port 22 (Address already in use) : 1 Time(s)
> 
> **Unmatched Entries**
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> 
> 
> The main thing I wondered about is "0.0.0.0 port 22 (Address already in 
> use) : 1 Time(s)"
> Is my sshd compromised ?
> 
> 
> 
> 
> Michael Yep
> Development / Technical Operations
> RemoteLink, Inc.
> (630) 983-0072 x164
With the data globbed it is hard to say.

The ones that I don't care for is the "Failed to bind"
bind can be either a bash builtin such as bind keystrokes to a 
macro (man 1 bind) 
or bind a socket to a local address (man 5 bind)
sgi_fam (fam is the file alteration monitor)

pts read pseudo-terminal master slave (man 4 pts)

A Google of the winston indicates that this is a Atari game emulator.

vesafb is a video frame buffer issue.
sound_slot_1 (probably sound card missing or misconfigured )

What does /var/log/secure contain?

As far as ssh it can be bound to a specific IP address (see man 8 sshd,
man 5 hosts_access)
-- 

jludwig <wralphie at comcast.net>

More information about the users mailing list