Are there any telnet or ssh sessions previous to that one?
Some su'd to nobody but your log has to have something else, unless
linuxconf is su'ing to nobody to configure apache or something like that.
Leo
Mulligan, Michael (DIS) wrote:
> Would someone please tell me what these log entries mean? We have been
> notified of some dubious activities being performed on other servers via
> ours, but this is all we can find in our logs that seems odd.
>
> It is the (su) that concerns us.
>
> Nov 9 01:02:01 starlite PAM_pwdb[32495]: (su) session opened for user
> nobody by (uid=99)
> Nov 9 01:02:24 starlite PAM_pwdb[32495]: (su) session closed for user
> nobody
>
> thanks
> Michael
>
> ---
> You are currently subscribed to linuxconf as: [EMAIL PROTECTED]
> To unsubscribe, forward this message to [EMAIL PROTECTED]
---
You are currently subscribed to linuxconf as: [[email protected]]
To unsubscribe, forward this message to [EMAIL PROTECTED]
