1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Bryan O'Shea wrote: |
5 |
|
6 |
| I have had these scans/logins attempted on one of my servers. |
7 |
| I see all the attempts for guest,admin,test in my logs. |
8 |
| They also show up when i run the command 'last' |
9 |
| to see what users obviously have last logged in and a user test |
10 |
| shows up. The log in time shows for 0 time logged in. I did not know |
11 |
| that incorrect login attempts would show in the output of the command |
12 |
| 'last' or even users that don't exist on the system. |
13 |
| Maybe someone can explain what this means? |
14 |
|
15 |
Incorrect login attempts should NOT show up (or at least they don't for |
16 |
me). This would imply that the user did log in successfully. Do you have |
17 |
a user by the name of ``test''? Perhaps with it's shell set to |
18 |
/bin/false so that it cannot log in to a working shell? |
19 |
|
20 |
Or are you perhaps running an out of date version of OpenSSH (like, a |
21 |
year out of date)? |
22 |
|
23 |
Seeing as I've yet to hear of an exploit on a patched system with no |
24 |
vulnerable users/passwords, I had been assuming there is no 0day exploit |
25 |
out there to be concerned about. But perhaps you can confirm differently |
26 |
for us. |
27 |
|
28 |
- -- |
29 |
Dan ("KrispyKringle") |
30 |
Gentoo Linux Security Coordinator |
31 |
-----BEGIN PGP SIGNATURE----- |
32 |
Version: GnuPG v1.2.4 (Darwin) |
33 |
|
34 |
iQEVAwUBQQ6cSLDO2aFJ9pv2AQIAYwf7B6QbCv3RcJiGJKPV3FjBr4Z/Ry/YNwvj |
35 |
8Lfr9YWj9N0k+j0O7fPDHsESAF1xNhL4CkJB5biYPUz+xkDG3eEPHFzfRiLyuT3J |
36 |
b3rG86AIgd81dbjgmC0AWV7ctj/emmhwO5ud73BI56NRcnAFiVDUnzc/P3nGMpGB |
37 |
Z7E6IrJSJg4TfTph2v924oYcTBhxKDDA3sHYSxYqrzw98/DNBOr2EaLO/g6EhrEY |
38 |
awOr8QeBkRdcPNnNuOK6oULU7GnrBXJGwtjfw9wYQ6gWGZsZ1bJDCTfFciaPakC7 |
39 |
6wuNrr8ZXgO6KOBqBMcPkG6L5QCVWugBpW6XxbLjhZHfX+ztArr91A== |
40 |
=ffxq |
41 |
-----END PGP SIGNATURE----- |
42 |
|
43 |
-- |
44 |
gentoo-security@g.o mailing list |