1 |
On Tue, 3 Aug 2004, Dan Margolis wrote: |
2 |
|
3 |
> --[PinePGP]--------------------------------------------------[begin]-- |
4 |
> Bryan O'Shea wrote: |
5 |
> |
6 |
> | After further investigation I have gone through all my backup logs and |
7 |
> | noticed a user test was installed on the attempts in question. The user |
8 |
> | was later deleted by a bulk user cleanup script I run to delete old |
9 |
> | accounts. I further saw login attempts in my logs for the user test |
10 |
> | after the account was deleted and no entries showed up in my 'last' |
11 |
> | output on further login attempts. I had the shell set to /bin/false. |
12 |
> |
13 |
> I assume you mean you or a package installed the user test intentionally |
14 |
> and used it to log in? |
15 |
|
16 |
Yes the user test was installed intentionally to run some test software on |
17 |
the system. It happened to have a weak pasword and the ssh scans/attempts |
18 |
just happend to coincide during/before I removed that user. |
19 |
|
20 |
|
21 |
|
22 |
-- |
23 |
gentoo-security@g.o mailing list |