1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Bryan O'Shea wrote: |
5 |
|
6 |
| After further investigation I have gone through all my backup logs and |
7 |
| noticed a user test was installed on the attempts in question. The user |
8 |
| was later deleted by a bulk user cleanup script I run to delete old |
9 |
| accounts. I further saw login attempts in my logs for the user test |
10 |
| after the account was deleted and no entries showed up in my 'last' |
11 |
| output on further login attempts. I had the shell set to /bin/false. |
12 |
|
13 |
I assume you mean you or a package installed the user test intentionally |
14 |
and used it to log in? |
15 |
|
16 |
Don't apologize; you had me scared for a while, but I'm sure we're all |
17 |
just relieved to learn that this isn't evidence for some ruthless, |
18 |
unstoppable attack. ;) |
19 |
|
20 |
- -- |
21 |
Dan ("KrispyKringle") |
22 |
Gentoo Linux Security Coordinator |
23 |
-----BEGIN PGP SIGNATURE----- |
24 |
Version: GnuPG v1.2.4 (Darwin) |
25 |
|
26 |
iQEVAwUBQQ+jprDO2aFJ9pv2AQJ5WAf8DioTpjGLMJ82KHskNEh0Z+lc1uduk02R |
27 |
HSu+3GgGtxo5rlqRTfaP00bQ0k4gbtRKLwFSNUkpYI0NRPF7eNNYAK6hOySkEvZj |
28 |
K0NnFTZYmtnGJRHmPB1GIcRPjvsPNAEpwL1lolyu8Wyelyd2AL86KNN6Ww32wVlR |
29 |
hRP/Rq6hCHOxs9hY0wMcXSVl+LYenyg4yY1nbmfw7MuD69r0nihxTgEv4WOAeYH0 |
30 |
ruK/Gxv/5KEBmDJPf0g2SJqtrOesWzIYiYsTdEJsG+nnih4vf2gkAU0NZ5Li0sGi |
31 |
mB+f3sgDIqkhWQdQHc58nr2M0hjV2JqXMeaCfgn+cB450yisrY8J5g== |
32 |
=+8bd |
33 |
-----END PGP SIGNATURE----- |
34 |
|
35 |
-- |
36 |
gentoo-security@g.o mailing list |