| 1 |
On Tue, 3 Aug 2004, Dan Margolis wrote: |
| 2 |
|
| 3 |
> --[PinePGP]--------------------------------------------------[begin]-- |
| 4 |
> Bryan O'Shea wrote: |
| 5 |
> |
| 6 |
> | After further investigation I have gone through all my backup logs and |
| 7 |
> | noticed a user test was installed on the attempts in question. The user |
| 8 |
> | was later deleted by a bulk user cleanup script I run to delete old |
| 9 |
> | accounts. I further saw login attempts in my logs for the user test |
| 10 |
> | after the account was deleted and no entries showed up in my 'last' |
| 11 |
> | output on further login attempts. I had the shell set to /bin/false. |
| 12 |
> |
| 13 |
> I assume you mean you or a package installed the user test intentionally |
| 14 |
> and used it to log in? |
| 15 |
|
| 16 |
Yes the user test was installed intentionally to run some test software on |
| 17 |
the system. It happened to have a weak pasword and the ssh scans/attempts |
| 18 |
just happend to coincide during/before I removed that user. |
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives