Re: auth.log: su(to root) fails 1000 times /min?

[Brandon Mitchell]

On Sat, 14 Jun 1997, joost witteveen wrote:

> 
> >From my /var/adm/log.auth:
> Jun 12 23:05:57 rulcmc su: FAILED SU (to root) joost on none
> Jun 12 23:06:28 rulcmc last message repeated 552 times

Looks like a program caught in an infinite loop.  Check for processes
under your user name that are hoging all the cpu time using "ps aux".
Since it is on none, it reminds me of a crontab or a boot message, but the
time looks a bit off for that.  Do you have any scripts that have an su
placed in a loop.

HTH,
Brandon

-
Brandon Mitchell E-mail: [EMAIL PROTECTED]
  Homepage: http://www.geocities.com/SiliconValley/7877/home.html

"We all know Linux is great...it does infinite loops in 5 seconds."
--Linus Torvalds


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

auth.log: su(to root) fails 1000 times /min?

[joost witteveen]

>From my /var/adm/log.auth:

Jun 12 20:53:57 rulcmc su: (to root) joost on /dev/ttyp6
Jun 12 21:00:20 rulcmc su: (to root) joost on /dev/ttyp6
Jun 12 23:05:57 rulcmc su: FAILED SU (to root) joost on none
Jun 12 23:06:28 rulcmc last message repeated 552 times
Jun 12 23:07:29 rulcmc last message repeated 1069 times
Jun 12 23:08:30 rulcmc last message repeated 1165 times
[and so on, for hours]

Hell, I know I often misspell my root passwd, but 1165 times in 61
seconds? No, I'm sure I never did that.

Does anybody know what may cause this?

("joost" is myself, and I'm quite sure nobody else who just cracked
my "joost" passwd would start attempting to su to root with thousands
different passwds: once somebody 's got "joost", they've got root
without cracking the root passwd).

-- 
joost witteveen, [EMAIL PROTECTED]
#!/usr/bin/perl -sp0777ihttp://www.dcs.ex.ac.uk/~aba/rsa/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .