Security question regarding root email

Dotan Cohen dotancohen at gmail.com
Mon Jan 2 07:37:24 UTC 2006


On 1/1/06, Charles Howse <chowse at charter.net> wrote:
> > I haven't read root's email in about a month. Now that I get around to
> > it, I am surprised to see things that I have never seen before, such
> > as:
> >  --------------------- pam_unix Begin ------------------------
> >  kde-np:
> >     Unknown Entries:
> >        session opened for user dotancohen by (uid=0): 1 Time(s)
> >  ---------------------- pam_unix End -------------------------
> For the above, I would find out what kde-np is.  What little Googling I did
> suggests it's a script that provides auto-login for some other application.
> Might not be anything to worry about.
> You're seeing it here because LogWatch hasn't been told to ignore it.
>

I also do not remember installing kde-np, or ever using it. As it
seems to have to do with login, it MAY be because I logged out and then
back in on that day? Not that I remember doing such.

> >  --------------------- Smartd Begin ------------------------
> >  **Unmatched Entries**
> >  smartd received signal 15: Terminated
> >  smartd is exiting (exit status 0)
> >  ---------------------- Smartd End -------------------------
> Smartd monitors the SMART status of your drives.
> Looks like LogWatch is just showing you that Smartd was terminated with a
> signal 15 once, and quit cleanly once, possibly on shutdown.
> For more info: $ man smartd
>

I know what Smartd is- that's why I was worried. I have never gotten a
message from it before. The $man calmed me down. I am sorry that I
posted regarding this before consulting the $man.

> >  --------------------- httpd Begin ------------------------
> >  Requests with error response codes
> >     404 Not Found
> >        /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1
> > Time(s)
> >        /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1
> > Time(s)
> Can't see the entire lines above, but if your Apache server faces the
> Internet, take the appropriate precautions.  It's not so much the 404's you
> want to monitor, it's the stuff that worked...the commands that actually
> executed, know what I mean?
> >        /favicon.ico: 32 Time(s)
> Easy, Google for favicon.ico
>

OK, so the 404's are alright- it means that nothing was served. That's
right. They were just checking, I guess. As for the favicon, I know
what that is. I should have snipped that part.

> >  --------------------- httpd Begin ------------------------
> >  Requests with error response codes
> >     403 Forbidden
> >        /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1
> > Time(s)
> >        /cgi-bin/awstats/awstats.pl?configdir=|ech ... cho%20YYY;echo|: 1
> > Time(s)
> Someone, or 'somebot', doesn't have permission to access the file indicated.
>
> > These are the most suspicious. If anyone could clarify on them a bit,
> > I would appreciate it. Thank you!
>
> Doesn't look like you have anything to panic about, but you have some
> research to do.  :-)
>
> HTH,
> Charles
>

Yes, much research. That's why there's google! Thank you very much.

Dotan Cohen
http://technology-sleuth.com/question/what_is_hdtv.html
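
An added example, not part of the original message: one way to act on the advice above that the requests to watch are the ones that worked, by scanning an Apache access log for the two probe shapes in the LogWatch report and separating rejected attempts from ones the server answered. It assumes Apache's common log format; the function name, the patterns and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Probe shapes taken from the LogWatch report quoted in this thread.
PROBES = {
    "awstats configdir pipe": re.compile(r"awstats\.pl\?.*configdir=\|", re.I),
    "_REQUEST[] override": re.compile(r"index2\.php\?.*_REQUEST\[", re.I),
}

def triage(lines):
    """Return (verdict, probe, host, status, url) for every probe-shaped request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        host, _method, url, status = m.groups()
        decoded = unquote(url)  # also catches %7C / %5B encoded variants
        for name, pattern in PROBES.items():
            if pattern.search(decoded):
                # 2xx/3xx means the server handled the request: review it.
                # 4xx/5xx means it was refused or the script does not exist.
                verdict = "INVESTIGATE" if status[0] in "23" else "rejected"
                hits.append((verdict, name, host, int(status), url))
                break
    return hits

# Constructed sample lines (documentation IP ranges, placeholder query values).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:03:12:01 +0000] '
    '"GET /cgi-bin/awstats.pl?configdir=|CONSTRUCTED| HTTP/1.0" 403 291',
    '192.0.2.10 - - [01/Jan/2006:03:12:02 +0000] '
    '"GET /cvs/index2.php?_REQUEST[option]=CONSTRUCTED HTTP/1.0" 404 284',
    '198.51.100.7 - - [01/Jan/2006:09:40:15 +0000] '
    '"GET /favicon.ico HTTP/1.1" 404 280',
    '203.0.113.5 - - [01/Jan/2006:11:02:44 +0000] '
    '"GET /cgi-bin/awstats.pl?configdir=%7CCONSTRUCTED%7C HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for verdict, name, host, status, url in triage(SAMPLE):
        print(f"{verdict:11} {status} {host:13} {name}: {url}")
```

Any line reported as INVESTIGATE means the targeted script exists and answered, so the installed version and the surrounding log entries from that host are the next things to check.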