| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Bryan O'Shea wrote: |
| 5 |
|
| 6 |
| I have had these scans/logins attempted on one of my servers. |
| 7 |
| I see all the attempts for guest,admin,test in my logs. |
| 8 |
| They also show up when i run the command 'last' |
| 9 |
| to see what users obviously have last logged in and a user test |
| 10 |
| shows up. The log in time shows for 0 time logged in. I did not know |
| 11 |
| that incorrect login attempts would show in the output of the command |
| 12 |
| 'last' or even users that don't exist on the system. |
| 13 |
| Maybe someone can explain what this means? |
| 14 |
|
| 15 |
Incorrect login attempts should NOT show up (or at least they don't for |
| 16 |
me). This would imply that the user did log in successfully. Do you have |
| 17 |
a user by the name of ``test''? Perhaps with it's shell set to |
| 18 |
/bin/false so that it cannot log in to a working shell? |
| 19 |
|
| 20 |
Or are you perhaps running an out of date version of OpenSSH (like, a |
| 21 |
year out of date)? |
| 22 |
|
| 23 |
Seeing as I've yet to hear of an exploit on a patched system with no |
| 24 |
vulnerable users/passwords, I had been assuming there is no 0day exploit |
| 25 |
out there to be concerned about. But perhaps you can confirm differently |
| 26 |
for us. |
| 27 |
|
| 28 |
- -- |
| 29 |
Dan ("KrispyKringle") |
| 30 |
Gentoo Linux Security Coordinator |
| 31 |
-----BEGIN PGP SIGNATURE----- |
| 32 |
Version: GnuPG v1.2.4 (Darwin) |
| 33 |
|
| 34 |
iQEVAwUBQQ6cSLDO2aFJ9pv2AQIAYwf7B6QbCv3RcJiGJKPV3FjBr4Z/Ry/YNwvj |
| 35 |
8Lfr9YWj9N0k+j0O7fPDHsESAF1xNhL4CkJB5biYPUz+xkDG3eEPHFzfRiLyuT3J |
| 36 |
b3rG86AIgd81dbjgmC0AWV7ctj/emmhwO5ud73BI56NRcnAFiVDUnzc/P3nGMpGB |
| 37 |
Z7E6IrJSJg4TfTph2v924oYcTBhxKDDA3sHYSxYqrzw98/DNBOr2EaLO/g6EhrEY |
| 38 |
awOr8QeBkRdcPNnNuOK6oULU7GnrBXJGwtjfw9wYQ6gWGZsZ1bJDCTfFciaPakC7 |
| 39 |
6wuNrr8ZXgO6KOBqBMcPkG6L5QCVWugBpW6XxbLjhZHfX+ztArr91A== |
| 40 |
=ffxq |
| 41 |
-----END PGP SIGNATURE----- |
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-security@g.o mailing list |
Archives