The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

LogWatch question

Discussion in 'General Discussion' started by FourMat, Dec 23, 2004.

  1. FourMat

    FourMat Active Member

    Joined:
    Jun 10, 2004
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    I received my log watch this morning to find some abnormal messages:

    Code:
     --------------------- Kernel Begin ------------------------ 
    
    WARNING:  Kernel Errors Present
       81.201.202.40 sent an invalid ICMP type 3, code 3 error to a broadcast: ...:  1Time(s)
    
     ---------------------- Kernel End ------------------------- 
     --------------------- pam_unix Begin ------------------------ 
    sshd:
       Invalid Users:
          Unknown Account: 12 Time(s)
       Authentication Failures:
          root (208.241.216.139 ): 6 Time(s)
          unknown (208.241.216.139 ): 12 Time(s)
          nobody (203.255.37.132 ): 1 Time(s)
     ---------------------- pam_unix End ------------------------- 
    
     --------------------- Connections (secure-log) Begin ------------------------ 
    New Users:
       named (25)
    
    Deleted Users:
       named 
    
    Deleted Groups:
       named 
    
    I am a little concerned aout the kernel error that seems to have come from an IP that isn't associated with my server. It doesn't seem critical, but should I be worried about this?

    Also, what is the likely cause of the "named" New User/Deleted User/Deleted Groups?

    Would it be caused by any of these package installations? (I assume it would be from bind, but just want to make sure)

    Code:
    Package Installed:
       ['at-3.1.8-60_EL3', 'autofs-4.1.3-47', 'bind-9.2.4-1_EL3', 'bind-devel-9.2.4-1_EL3', 'bind-libs-9.2.4-1_EL3', 'bind-utils-9.2.4-1_EL3', 'comps-3ES-0.20041216', 'cpp-3.2.3-49', 'devlabel-0.48.03-6', 'dhclient-3.0.1-10_EL3', 'dhcp-3.0.1-10_EL3', 'firstboot-1.1.31-1', 'gcc-3.2.3-49', 'gcc-c++-3.2.3-49', 'gcc-g77-3.2.3-49', 'gcc-gnat-3.2.3-49', 'gcc-java-3.2.3-49', 'gcc-objc-3.2.3-49', 'gdb-6.1post-1.20040607.52', 'gimp-print-4.2.4-5.1', 'hwdata-0.101.14-1', 'initscripts-7.31.18.EL-1', 'ipsec-tools-0.2.5-0.6', 'krb5-devel-1.2.7-31', 'krb5-libs-1.2.7-31', 'krb5-workstation-1.2.7-31', 'kudzu-1.1.22.9-1', 'kudzu-devel-1.1.22.9-1', 'laus-libs-0.1-66RHEL3', 'libf2c-3.2.3-49', 'libgcc-3.2.3-49', 'libgcj-3.2.3-49', 'libgcj-devel-3.2.3-49', 'libgnat-3.2.3-49', 'libobjc-3.2.3-49', 'libstdc++-3.2.3-49', 'libstdc++-devel-3.2.3-49', 'libuser-0.51.7-1.EL3.3', 'libuser-devel-0.51.7-1.EL3.3', 'losetup-2.11y-31.2', 'lvm-1.0.8-9', 'metacity-2.4.55-7.12', 'modutils-2.4.25-14.EL', 'modutils-devel-2.4.25-14.EL', 'mount-2.11y-31.2', 'net-snmp-5.0.9-2.30E.12', 'net-snmp-devel-5.0.9-2.30E.12', 'net-tools-1.60-20E.1', 'netconfig-0.8.19-1.1', 'pam-0.75-62', 'pam-devel-0.75-62', 'perl-DateManip-5.42a-0.rhel3', 'popt-1.8.2-13', 'procps-2.0.17-13', 'python-2.2.3-6', 'python-devel-2.2.3-6', 'python-tools-2.2.3-6', 'quota-3.10-4', 'redhat-config-netboot-0.1.5-1', 'redhat-config-securitylevel-1.2.9.2-1', 'redhat-config-securitylevel-tui-1.2.9.2-1', 'redhat-lsb-1.3-3.1.EL3', 'rhn-applet-2.1.18-4', 'rpm-4.2.3-13', 'rpm-build-4.2.3-13', 'rpm-devel-4.2.3-13', 'rpm-libs-4.2.3-13', 'rpm-python-4.2.3-13', 'rpmdb-redhat-3-0.20041216', 'spamassassin-2.55-3.4', 'tcsh-6.12-11.EL3', 'tftp-0.39-0.EL3.1', 'tftp-server-0.39-0.EL3.1', 'tkinter-2.2.3-6', 'tzdata-2004e-1.EL', 'up2date-4.2.57-2', 'up2date-gnome-4.2.57-2', 'usermode-1.68-5E.2', 'usermode-gtk-1.68-5E.2', 'util-linux-2.11y-31.2', 'vim-common-6.3.029-1.30E.3', 'vim-enhanced-6.3.029-1.30E.3', 'vim-minimal-6.3.029-1.30E.3', 'vsftpd-1.2.1-3E.1', 'yp-tools-2.8-6', 'ypserv-2.8-11', 'net-snmp-libs-5.0.9-2.30E.12'] 
    Thanks.
     
  2. fikse

    fikse Well-Known Member

    Joined:
    May 10, 2003
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    16
Loading...

Share This Page