Matthijs <[EMAIL PROTECTED]> writes: > Since a few days, Logcheck reports a lot of messages like this: > > --------------------------------------------------------------------- > Security Violations for su > =-=-=-=-=-=-=-=-=-=-=-=-=- > Mar 30 06:25:02 MyMail su[13083]: (pam_unix) session opened for user > nobody by (uid=0) > --------------------------------------------------------------------- > > I've had similar messages for various users for cron and sshd. > > Should I be worried?
Probably not. > The only way I can read this messages is that user 'nobody' has done a > 'su' - become root. No, it's the other way around: 'root' has used 'su' to become 'nobody'. This is probably part of a script (run by a cronjob?). Martin -- ,--. Martin Dickopp, Dresden, Germany ,= ,-_-. =. / ,- ) http://www.zero-based.org/ ((_/)o o(\_)) \ `-' `-'(. .)`-' `-. Debian, a variant of the GNU operating system. \_/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
