From: Ralf Ronneburger (ralfronneburger.de)
Date: Sat Apr 13 2002 - 07:01:13 CDT


    Hi Andreas,

    The nobody entry in the log means that some regular tasks were
    performed. In order to be more secure, it is common to perform as many
    tasks as possible with an unprivileged account. The least account of
    these is nobody, so this is used in your case. That's probably not the
    reason for your system crash. Run last to find out how long the system
    was up, then try to find something in the log files that corresponds to
    the crash time. I'd look into /var/log/messages first; if there's
    nothing, then check the other logs.

    Best regards,

    Ralf

    >
    >last log thing is:
    >Apr 13 00:15:29 linux su: (to nobody) root on none
    >Apr 13 00:15:29 linux PAM-unix2[1215]: session started for user nobody, service su
    >Apr 13 00:15:49 linux pppd[214]: sent [LCP EchoReq id=0xbe magic=0xba891d2]
    >Apr 13 00:15:49 linux pppd[214]: rcvd [LCP EchoRep id=0xbe magic=0x6e7cdfb8]
    >Apr 13 00:16:09 linux pppd[214]: sent [LCP EchoReq id=0xbf magic=0xba891d2]
    >Apr 13 00:16:09 linux pppd[214]: rcvd [LCP EchoRep id=0xbf magic=0x6e7cdfb8]
    >Apr 13 00:16:21 linux PAM-unix2[1215]: session finished for user nobody, service su
    >
    >in messages. what does this mean? Nobody was working at this time!
    >
    >thanks in advance
    >
    >Andreas
    >

    -- 
    To unsubscribe, e-mail: suse-security-unsubscribesuse.com
    For additional commands, e-mail: suse-security-helpsuse.com
    Security-related bug reports go to securitysuse.de, not here
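
The log reading discussed in this message, as an added example that is not part of the original mail: it pairs each `su` line with its PAM session records and shows which sessions look like scheduled jobs and which never logged a finish before the log stops. The year 2002 comes from the mail's Date header; the function names and the `automated` heuristic (root as caller, no terminal) are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines quoted in the thread above (syslog carries no year; 2002 is assumed).
SAMPLE = """\
Apr 13 00:15:29 linux su: (to nobody) root on none
Apr 13 00:15:29 linux PAM-unix2[1215]: session started for user nobody, service su
Apr 13 00:15:49 linux pppd[214]: sent [LCP EchoReq id=0xbe magic=0xba891d2]
Apr 13 00:16:21 linux PAM-unix2[1215]: session finished for user nobody, service su
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")
SU = re.compile(r"^\(to (\S+)\) (\S+) on (\S+)$")
PAM = re.compile(r"^session (started|finished) for user (\S+), service (\S+)$")

def parse(text, year=2002):
    """Yield (timestamp, program, pid, message) for each well-formed syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4), m.group(5)

def su_sessions(text, year=2002):
    """Pair su lines with PAM session start/finish records, matched by PAM pid."""
    sessions, open_by_pid, pending = [], {}, None
    for ts, prog, pid, msg in parse(text, year):
        su, pam = SU.match(msg), PAM.match(msg)
        if prog == "su" and su:
            pending = {"target": su.group(1), "caller": su.group(2), "tty": su.group(3)}
        elif pam and pam.group(3) == "su":
            if pam.group(1) == "started":
                s = {"pid": pid, "start": ts, "end": None, "target": pam.group(2),
                     "caller": None, "tty": None}
                if pending and pending["target"] == s["target"]:
                    s.update(pending)
                pending = None
                open_by_pid[pid] = s
                sessions.append(s)
            elif pid in open_by_pid:
                open_by_pid.pop(pid)["end"] = ts
    for s in sessions:
        # Heuristic: root switching accounts with no terminal ("on none") is what
        # a scheduled job looks like; an interactive su records a tty instead.
        s["automated"] = s["caller"] == "root" and s["tty"] == "none"
        # No "finished" record means the session was still open when logging stopped.
        s["seconds"] = (s["end"] - s["start"]).total_seconds() if s["end"] else None
    return sessions
```

A session whose `end` is still `None` at the tail of /var/log/messages was running when logging stopped, which is a useful marker when lining the log up with the uptime reported by `last`.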