  1. #1
    Member
    Join Date
    Mar 2006
    Posts
    35

    Something of interest in my Logwatch log...

    Does this look suspicious to anyone else but me?

    This wouldn't be cPanel related, would it?

    Never seen this before, and no one on our side has done any of this; didn't know if it was automated or not.


    Code:
    **Unmatched Entries**
    snoopy[9428]: [(null), uid:0 sid:9001]: /etc/cron.daily/makewhatis.cron
    snoopy[9429]: [(null), uid:0 sid:9001]: awk -v progname=/etc/cron.daily/makewh
    snoopy[9430]: [(null), uid:0 sid:9001]: touch /var/lock/makewhatis.lock 
    snoopy[9431]: [(null), uid:0 sid:9001]: makewhatis -u -w 
    snoopy[9432]: [(null), uid:0 sid:9001]: basename /usr/sbin/makewhatis 
    snoopy[9433]: [(null), uid:0 sid:9001]: mktemp -d /tmp/makewhatisXXXXXX 
    snoopy[9434]: [(null), uid:0 sid:9001]: chmod 0700 /tmp/makewhatismYlzpZ 
    snoopy[9435]: [(null), uid:0 sid:9001]: man --path 
    snoopy[9438]: [(null), uid:0 sid:9001]: tr :   
    snoopy[9441]: [(null), uid:0 sid:9001]: tr :   
    snoopy[9443]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9444]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9445]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9446]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9447]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9448]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9450]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9449]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9451]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9452]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9453]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9454]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9455]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9456]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9457]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9458]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9459]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9460]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9461]: [(null), uid:0 sid:9001]: find . -name * -newer /var/cache/man/whatis -print 
    snoopy[9462]: [(null), uid:0 sid:9001]: /usr/bin/awk   	    function readline() { 	 
    snoopy[9463]: [(null), uid:0 sid:9001]: cat /var/cache/man/whatis 
    snoopy[9464]: [(null), uid:0 sid:9001]: sed /^$/d 
    snoopy[9465]: [(null), uid:0 sid:9001]: sort 
    snoopy[9466]: [(null), uid:0 sid:9001]: uniq 
    snoopy[9467]: [(null), uid:0 sid:9001]: chmod 644 /var/cache/man/whatis 
    snoopy[9468]: [(null), uid:0 sid:9001]: rm /tmp/makewhatismYlzpZ/w
    Last edited by ryan.overton; 03-06-2006 at 10:07 AM.

  2. #2
    Member
    Join Date
    Mar 2006
    Posts
    35

    Code:
    snoopy[11781]: [(null), uid:0 sid:10734]: zcat ./pnmtorast.1.gz 
    snoopy[11782]: [(null), uid:0 sid:10734]: zcat ./pnmtorle.1.gz 
    snoopy[11783]: [(null), uid:0 sid:10734]: zcat ./pnmtosgi.1.gz 
    snoopy[11784]: [(null), uid:0 sid:10734]: zcat ./pnmtosir.1.gz 
    snoopy[11785]: [(null), uid:0 sid:10734]: zcat ./pnmtotiff.1.gz 
    snoopy[11786]: [(null), uid:0 sid:10734]: zcat ./pnmtotiffcmyk.1.gz 
    snoopy[11787]: [(null), uid:0 sid:10734]: zcat ./pnmtoxwd.1.gz 
    snoopy[11788]: [(null), uid:0 sid:10734]: zcat ./ppm3d.1.gz 
    snoopy[11789]: [(null), uid:0 sid:10734]: zcat ./ppmbrighten.1.gz 
    snoopy[11790]: [(null), uid:0 sid:10734]: zcat ./ppmchange.1.gz 
    snoopy[11791]: [(null), uid:0 sid:10734]: zcat ./ppmcie.1.gz 
    snoopy[11792]: [(null), uid:0 sid:10734]: zcat ./ppmcolormask.1.gz 
    snoopy[11793]: [(null), uid:0 sid:10734]: zcat ./ppmcolors.1.gz

  3. #3
    Member
    Join Date
    Mar 2006
    Posts
    35

    Code:
    snoopy[18397]: [(null), uid:0 sid:10734]: find . -name * -print 
    snoopy[18398]: [(null), uid:0 sid:10734]: /usr/bin/awk   	    function readline() { 	 
    snoopy[18399]: [(null), uid:0 sid:10734]: find . -name * -print 
    snoopy[18400]: [(null), uid:0 sid:10734]: /usr/bin/awk   	    function readline() { 	 
    snoopy[18401]: [(null), uid:0 sid:10734]: find . -name * -print 
    snoopy[18402]: [(null), uid:0 sid:10734]: /usr/bin/awk   	    function readline() { 	 
    snoopy[18403]: [(null), uid:0 sid:10734]: find . -name * -print 
    snoopy[18404]: [(null), uid:0 sid:10734]: /usr/bin/awk   	    function readline() { 	 
    snoopy[18405]: [(null), uid:0 sid:10734]: find . -name * -print 
    snoopy[18406]: [(null), uid:0 sid:10734]: /usr/bin/awk   	    function readline() { 	 
    snoopy[18407]: [(null), uid:0 sid:10734]: cat /var/cache/man/whatis 
    snoopy[18408]: [(null), uid:0 sid:10734]: sed /^$/d 
    snoopy[18409]: [(null), uid:0 sid:10734]: sort 
    snoopy[18410]: [(null), uid:0 sid:10734]: uniq 
    snoopy[18411]: [(null), uid:0 sid:10734]: chmod 644 /var/cache/man/whatis 
    snoopy[18412]: [(null), uid:0 sid:10734]: rm /tmp/makewhatisl74uKC/w 
    snoopy[18414]: [(null), uid:0 sid:10734]: cat /var/cache/man/whatis 
    snoopy[18415]: [(null), uid:0 sid:10734]: sed /^$/d 
    snoopy[18416]: [(null), uid:0 sid:10734]: sort 
    snoopy[18417]: [(null), uid:0 sid:10734]: uniq 
    snoopy[18418]: [(null), uid:0 sid:10734]: chmod 644 /var/cache/man/whatis 
    snoopy[18419]: [(null), uid:0 sid:10734]: rm /tmp/makewhatisl74uKC/w 
    snoopy[18421]: [(null), uid:0 sid:10734]: cat /var/cache/man/whatis 
    snoopy[18422]: [(null), uid:0 sid:10734]: sed /^$/d 
    snoopy[18423]: [(null), uid:0 sid:10734]: sort 
    snoopy[18424]: [(null), uid:0 sid:10734]: uniq 
    snoopy[18425]: [(null), uid:0 sid:10734]: chmod 644 /var/cache/man/whatis 
    snoopy[18426]: [(null), uid:0 sid:10734]: rm /tmp/makewhatisl74uKC/w 
    snoopy[18428]: [(null), uid:0 sid:10734]: cat /var/cache/man/whatis 
    snoopy[18429]: [(null), uid:0 sid:10734]: sed /^$/d 
    snoopy[18430]: [(null), uid:0 sid:10734]: sort 
    snoopy[18431]: [(null), uid:0 sid:10734]: uniq 
    snoopy[18432]: [(null), uid:0 sid:10734]: chmod 644 /var/cache/man/whatis 
    snoopy[18433]: [(null), uid:0 sid:10734]: rm /tmp/makewhatisl74uKC/w 
    snoopy[18435]: [(null), uid:0 sid:10734]: cat /var/cache/man/whatis 
    snoopy[18436]: [(null), uid:0 sid:10734]: sed /^$/d 
    snoopy[18437]: [(null), uid:0 sid:10734]: sort 
    snoopy[18438]: [(null), uid:0 sid:10734]: uniq 
    snoopy[18439]: [(null), uid:0 sid:10734]: chmod 644 /var/cache/man/whatis 
    snoopy[18440]: [(null), uid:0 sid:10734]: rm /tmp/makewhatisl74uKC/w 
    snoopy[18442]: [(null), uid:0 sid:10734]: cat /var/cache/man/whatis 
    snoopy[18443]: [(null), uid:0 sid:10734]: sed /^$/d 
    snoopy[18444]: [(null), uid:0 sid:10734]: sort 
    snoopy[18445]: [(null), uid:0 sid:10734]: uniq 
    snoopy[18446]: [(null), uid:0 sid:10734]: chmod 644 /var/cache/man/whatis 
    snoopy[18447]: [(null), uid:0 sid:10734]: rm /tmp/makewhatisl74uKC/w 
    snoopy[18448]: [(null), uid:0 sid:10734]: rm -rf /tmp/makewhatisl74uKC 
    snoopy[18449]: [(null), uid:0 sid:10734]: rm -rf /tmp/makewhatisl74uKC 
    snoopy[18450]: [(null), uid:0 sid:10734]: rm -f /var/lock/makewhatis.lock 
    snoopy[18524]: [(null), uid:0 sid:18523]: /usr/local/cpanel/bin/dcpumon 
    snoopy[18530]: [(null), uid:0 sid:18523]: /bin/csh -cf set nonomatch; glob /var/log/dc
    snoopy[18532]: [(null), uid:0 sid:18523]: /bin/csh -cf set nonomatch; glob /var/log/dc
    snoopy[18537]: [(null), uid:0 sid:18537]: imapd 
    snoopy[18562]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqQt-0004pJ-Op 
    snoopy[18570]: [(null), uid:0 sid:18570]: imapd 
    snoopy[18585]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqRI-0004pk-IL 
    snoopy[18598]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqRV-0004px-1h 
    snoopy[18615]: [(null), uid:0 sid:18615]: imapd 
    snoopy[18655]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqSM-0004qn-Kl 
    snoopy[18680]: [(null), uid:0 sid:18680]: imapd 
    snoopy[18693]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqTB-0004rT-N0 
    snoopy[18701]: [(null), uid:0 sid:18701]: imapd 
    snoopy[18759]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqUZ-0004sU-NR 
    snoopy[18767]: [(null), uid:0 sid:18767]: imapd 
    snoopy[18769]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqUh-0004sf-2n 
    snoopy[18784]: [(null), uid:0 sid:18783]: /usr/local/cpanel/bin/dcpumon 
    snoopy[18787]: [(null), uid:0 sid:18786]: /usr/local/cpanel/whostmgr/bin/
    snoopy[18793]: [(null), uid:0 sid:18783]: /bin/csh -cf set nonomatch; glob /var/log/dc
    snoopy[18795]: [(null), uid:0 sid:18783]: /bin/csh -cf set nonomatch; glob /var/log/dc
    snoopy[18810]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqVI-0004tK-3r 
    snoopy[18987]: [(null), uid:0 sid:18987]: imapd 
    snoopy[19010]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqXh-0004wY-Mc 
    snoopy[19030]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqYH-0004wu-37 
    snoopy[19044]: [(null), uid:47 sid:14842]: /usr/sbin/exim -q

  4. #4
    chirpy (Super Moderator)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    That's from whatis processing, probably in /etc/cron.weekly/makewhatis.cron which you probably never use (whatis) so isn't anything to worry about.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  5. #5
    Member
    Join Date
    Mar 2006
    Posts
    35

    Hah.. yeah, I'm new here, so I don't have access to the logs prior, but they magically appear every Monday morning. Thanks!

    Quote Originally Posted by chirpy
    That's from whatis processing, probably in /etc/cron.weekly/makewhatis.cron which you probably never use (whatis) so isn't anything to worry about.
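
A triage sketch for the snoopy entries posted in this thread, added here as an example; it is not part of any poster's message and is not code from snoopy, Logwatch or cPanel. It groups the lines by session id and reports which sessions were started from a script under a cron directory; the function names and regular expressions are assumptions based on the line layout shown in the posts.

```python
import re

# Layout used by the entries quoted in this thread:
#   snoopy[PID]: [(null), uid:UID sid:SID]: COMMAND
ENTRY = re.compile(r"snoopy\[(\d+)\]: \[[^\]]*uid:(\d+) sid:(\d+)\]: (.*)")
# A command that is itself a script under one of the standard cron directories.
CRON_SCRIPT = re.compile(r"/etc/cron\.(?:hourly|daily|weekly|monthly)/\S+")

# Lines copied from the posts above (trailing spaces dropped).
SAMPLE = """\
snoopy[9428]: [(null), uid:0 sid:9001]: /etc/cron.daily/makewhatis.cron
snoopy[9430]: [(null), uid:0 sid:9001]: touch /var/lock/makewhatis.lock
snoopy[9431]: [(null), uid:0 sid:9001]: makewhatis -u -w
snoopy[11781]: [(null), uid:0 sid:10734]: zcat ./pnmtorast.1.gz
snoopy[18450]: [(null), uid:0 sid:10734]: rm -f /var/lock/makewhatis.lock
snoopy[18524]: [(null), uid:0 sid:18523]: /usr/local/cpanel/bin/dcpumon
snoopy[18537]: [(null), uid:0 sid:18537]: imapd
snoopy[18562]: [(null), uid:47 sid:14842]: /usr/sbin/exim -Mc 1FFqQt-0004pJ-Op
"""

def group_sessions(text):
    """Group snoopy entries by session id (sid), keeping log order."""
    sessions = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m is None:
            continue  # not a snoopy entry
        pid, uid, sid = int(m.group(1)), int(m.group(2)), int(m.group(3))
        cmd = m.group(4).strip()
        s = sessions.setdefault(
            sid, {"uids": set(), "commands": [], "origin": None, "leader": False})
        s["uids"].add(uid)
        s["commands"].append(cmd)
        # pid == sid: this entry is the session leader itself.
        s["leader"] = s["leader"] or pid == sid
        hit = CRON_SCRIPT.match(cmd)
        if hit and s["origin"] is None:
            s["origin"] = hit.group(0)
    return sessions

def report(text):
    """One line per session; origin is None when the excerpt shows no cron script."""
    out = []
    for sid, s in group_sessions(text).items():
        out.append("sid=%d uids=%s commands=%d origin=%s first=%r" % (
            sid, sorted(s["uids"]), len(s["commands"]), s["origin"], s["commands"][0]))
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A session whose origin is None is not necessarily unexplained: in the excerpt, sid 10734 is only shown from the middle of its run, so the command that started it is simply not in the pasted lines.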
