From owner-freebsd-questions  Mon Apr 10 14: 3:17 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from miquiztli.fisica.uson.mx (miquiztli.fisica.uson.mx [148.225.72.133])
	by hub.freebsd.org (Postfix) with ESMTP id 283AC37B687
	for <freebsd-questions@FreeBSD.ORG>; Mon, 10 Apr 2000 14:03:12 -0700 (PDT)
	(envelope-from vsoto@miquiztli.fisica.uson.mx)
Received: from localhost (vsoto@localhost)
          by miquiztli.fisica.uson.mx (8.8.4/8.8.4) with SMTP
	  id PAA02778 for <freebsd-questions@FreeBSD.ORG>; Mon, 10 Apr 2000 15:19:11 -0600
Date: Mon, 10 Apr 2000 15:19:11 -0600 (MDT)
From: "Victor Soto V." <vsoto@miquiztli.fisica.uson.mx>
To: FreeBSD questions <freebsd-questions@FreeBSD.ORG>
Subject: Log messages...
Message-ID: <Pine.LNX.3.95.1000410145437.2727B-100000@miquiztli.fisica.uson.mx>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all!
Recently I have seen these messages (among others) in /var/log/messages:

messages:Apr  7 19:18:14 sarajuana rshd[187]: no modules loaded for `rshd' service
messages:Apr  7 19:18:14 sarajuana rshd[187]: auth_pam: Permission denied
messages:Apr  7 19:18:14 sarajuana rshd[187]: PAM authentication failed
messages:Apr  8 13:40:47 sarajuana rshd[462]: no modules loaded for `rshd' service
messages:Apr  8 13:40:47 sarajuana rshd[462]: auth_pam: Permission denied
messages:Apr  8 13:40:47 sarajuana rshd[462]: PAM authentication failed
messages:Apr 10 13:41:05 sarajuana rshd[10861]: no modules loaded for `rshd' service
messages:Apr 10 13:41:05 sarajuana rshd[10861]: auth_pam: Permission denied
messages:Apr 10 13:41:05 sarajuana rshd[10861]: PAM authentication failed
messages:Apr 10 13:42:49 sarajuana rshd[10862]: no modules loaded for `rshd' service
messages:Apr 10 13:42:49 sarajuana rshd[10862]: auth_pam: Permission denied
messages:Apr 10 13:42:49 sarajuana rshd[10862]: PAM authentication failed

This looks suspicious to me, I didn't know what rsh is until now (newbie).
Is this dangerous??
I saw too that the file /var/log/security is empty, I would like to log
there all the login failures, bad su's, the location of all the remote
conections, etc.
What does the line:
security.*				/var/log/security
in /etc/syslog.conf does?

Thanks.

Victor.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message