| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Bryan O'Shea wrote: |
| 5 |
|
| 6 |
| After further investigation I have gone through all my backup logs and |
| 7 |
| noticed a user test was installed on the attempts in question. The user |
| 8 |
| was later deleted by a bulk user cleanup script I run to delete old |
| 9 |
| accounts. I further saw login attempts in my logs for the user test |
| 10 |
| after the account was deleted and no entries showed up in my 'last' |
| 11 |
| output on further login attempts. I had the shell set to /bin/false. |
| 12 |
|
| 13 |
I assume you mean you or a package installed the user test intentionally |
| 14 |
and used it to log in? |
| 15 |
|
| 16 |
Don't apologize; you had me scared for a while, but I'm sure we're all |
| 17 |
just relieved to learn that this isn't evidence for some ruthless, |
| 18 |
unstoppable attack. ;) |
| 19 |
|
| 20 |
- -- |
| 21 |
Dan ("KrispyKringle") |
| 22 |
Gentoo Linux Security Coordinator |
| 23 |
-----BEGIN PGP SIGNATURE----- |
| 24 |
Version: GnuPG v1.2.4 (Darwin) |
| 25 |
|
| 26 |
iQEVAwUBQQ+jprDO2aFJ9pv2AQJ5WAf8DioTpjGLMJ82KHskNEh0Z+lc1uduk02R |
| 27 |
HSu+3GgGtxo5rlqRTfaP00bQ0k4gbtRKLwFSNUkpYI0NRPF7eNNYAK6hOySkEvZj |
| 28 |
K0NnFTZYmtnGJRHmPB1GIcRPjvsPNAEpwL1lolyu8Wyelyd2AL86KNN6Ww32wVlR |
| 29 |
hRP/Rq6hCHOxs9hY0wMcXSVl+LYenyg4yY1nbmfw7MuD69r0nihxTgEv4WOAeYH0 |
| 30 |
ruK/Gxv/5KEBmDJPf0g2SJqtrOesWzIYiYsTdEJsG+nnih4vf2gkAU0NZ5Li0sGi |
| 31 |
mB+f3sgDIqkhWQdQHc58nr2M0hjV2JqXMeaCfgn+cB450yisrY8J5g== |
| 32 |
=+8bd |
| 33 |
-----END PGP SIGNATURE----- |
| 34 |
|
| 35 |
-- |
| 36 |
gentoo-security@g.o mailing list |
Archives