Package: ejabberd Version: 23.01-1 Severity: normal I've noticed that ejabberd is logging some messages with the process name "sh" rather than ejabberd. When I first noticed these, I was concerned that there might have been an unauthorized shell service backdoor setup to compromise the system. Why are these logged with this misleading and concerning service name?
Example: Dec 26 04:04:41 somehost sh[5311]: 2023-12-26 04:04:41.724966-06:00 [info] (<0.980.1>) Accepted connection 127.0.0.1:49934 -> 127.0.0 .1:5269 Dec 26 04:04:45 somehost sh[5311]: 2023-12-26 04:04:45.911985-06:00 [info] Closing inbound s2s connection 127.0.0.1 -> somehost.com: Stream closed by local host: not well-formed (invalid token) (not-well-formed) -- System Information: Debian Release: 12.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-14-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ejabberd depends on: ii adduser 3.134 ii debconf [debconf-2.0] 1.5.82 ii erlang-asn1 1:25.2.3+dfsg-1 ii erlang-base [erlang-abi] 1:25.2.3+dfsg-1 ii erlang-base64url 1.0.1-6 ii erlang-crypto 1:25.2.3+dfsg-1 ii erlang-goldrush 0.2.0-8 ii erlang-idna 6.1.1-4 ii erlang-inets 1:25.2.3+dfsg-1 ii erlang-jiffy 1.1.1-1 ii erlang-jose 1.11.5-1 ii erlang-lager 3.9.2-2 ii erlang-mnesia 1:25.2.3+dfsg-1 ii erlang-odbc 1:25.2.3+dfsg-1 ii erlang-os-mon 1:25.2.3+dfsg-1 ii erlang-p1-acme 1.0.22-1 ii erlang-p1-cache-tab 1.0.30-2 ii erlang-p1-eimp 1.0.22-2 ii erlang-p1-mqtree 1.0.15-2 ii erlang-p1-pkix 1.0.9-2 ii erlang-p1-stringprep 1.0.29-2 ii erlang-p1-stun 1.2.7-1 ii erlang-p1-tls 1.1.16-2 ii erlang-p1-utils 1.0.25-2 ii erlang-p1-xml 1.1.49-2 ii erlang-p1-xmpp 1.6.1-1 ii erlang-p1-yaml 1.0.36-1 ii erlang-p1-yconf 1.0.15-1 ii erlang-p1-zlib 1.0.12-2 ii erlang-public-key 1:25.2.3+dfsg-1 ii erlang-ssl 1:25.2.3+dfsg-1 ii erlang-syntax-tools 1:25.2.3+dfsg-1 ii erlang-unicode-util-compat 0.7.0-4 ii erlang-xmerl 1:25.2.3+dfsg-1 ii init-system-helpers 1.65.2 ii openssl 3.0.11-1~deb12u2 ii ucf 3.0043+nmu1 ejabberd recommends no packages. Versions of packages ejabberd suggests: ii apparmor 3.0.8-3 pn apparmor-utils <none> ii ejabberd-contrib 0.2023.01.25~dfsg0-1 pn erlang-luerl <none> pn erlang-p1-mysql <none> pn erlang-p1-oauth2 <none> pn erlang-p1-pam <none> pn erlang-p1-pgsql <none> pn erlang-p1-sip <none> pn erlang-p1-sqlite3 <none> pn erlang-redis-client <none> ii imagemagick 8:6.9.11.60+dfsg-1.6 ii imagemagick-6.q16 [imagemagick] 8:6.9.11.60+dfsg-1.6 ii libunix-syslog-perl 1.1-4+b1 pn yamllint <none> -- Configuration Files: /etc/default/ejabberd changed [not included] /etc/ejabberd/inetrc [Errno 13] Permission denied: '/etc/ejabberd/inetrc' /etc/ejabberd/modules.d/README.modules [Errno 13] Permission denied: '/etc/ejabberd/modules.d/README.modules' -- debconf information excluded