Date:      Sat, 16 Jul 2005 15:39:46 +0100
From:      Stacey Roberts <stacey@vickiandstacey.com>
To:        freebsd-questions@FreeBSD.org
Subject:   Strange messages log entry
Message-ID:  <20050716143946.GA88475@crom.vickiandstacey.com>


Hello,
     I've noted a strange entry in /var/log/messages on a machine here that I'm hoping someone might be able to shed some light on, please. Here is what I found:

su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534

There are two (2) entries at exactly 04:15 this morning, and they are the only two entries of this kind in /var/log/messages, and I can't think what it is that could be the origin of them.

The machine itself is only running rsync as the only really active service, and is behind a Cisco c-2514 running CBAC with STATIC (for this machine only) and DYNAMIC NAT, and there is another firewall in front of this Cisco for the whole local network.

The static NAT entry on the router is set up in order to construct an ACL entry that permits only one laptop to backup its files to the FreeBSD server via rsync. The laptop itself has not been powered up for over a week now and was not on at the time of the log entry.

Here's what's running on the server:

# sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rsync      635   5  tcp4   *:873                 *:*
root     portsentry 499   0  udp4   *:1                   *:*
root     portsentry 499   1  udp4   *:7                   *:*
root     portsentry 499   2  udp4   *:9                   *:*
root     portsentry 499   3  udp4   *:69                  *:*
root     portsentry 499   4  udp4   *:161                 *:*
root     portsentry 499   5  udp4   *:162                 *:*
root     portsentry 499   6  udp4   *:513                 *:*
root     portsentry 499   7  udp4   *:635                 *:*
root     portsentry 499   8  udp4   *:640                 *:*
root     portsentry 499   9  udp4   *:641                 *:*
root     portsentry 499   10 udp4   *:700                 *:*
root     portsentry 499   11 udp4   *:37444               *:*
root     portsentry 499   12 udp4   *:34555               *:*
root     portsentry 499   13 udp4   *:31335               *:*
root     portsentry 499   14 udp4   *:32770               *:*
root     portsentry 499   15 udp4   *:32771               *:*
root     portsentry 499   16 udp4   *:32772               *:*
root     portsentry 499   17 udp4   *:32773               *:*
root     portsentry 499   18 udp4   *:32774               *:*
root     portsentry 499   19 udp4   *:31337               *:*
root     portsentry 499   20 udp4   *:54321               *:*
root     portsentry 497   0  tcp4   *:1                   *:*
root     portsentry 497   1  tcp4   *:11                  *:*
root     portsentry 497   2  tcp4   *:15                  *:*
root     portsentry 497   3  tcp4   *:79                  *:*
root     portsentry 497   4  tcp4   *:111                 *:*
root     portsentry 497   5  tcp4   *:119                 *:*
root     portsentry 497   6  tcp4   *:143                 *:*
root     portsentry 497   7  tcp4   *:540                 *:*
root     portsentry 497   8  tcp4   *:635                 *:*
root     portsentry 497   9  tcp4   *:1080                *:*
root     portsentry 497   10 tcp4   *:1524                *:*
root     portsentry 497   11 tcp4   *:2000                *:*
root     portsentry 497   12 tcp4   *:5742                *:*
root     portsentry 497   13 tcp4   *:6667                *:*
root     portsentry 497   14 tcp4   *:12345               *:*
root     portsentry 497   15 tcp4   *:12346               *:*
root     portsentry 497   16 tcp4   *:20034               *:*
root     portsentry 497   17 tcp4   *:27665               *:*
root     portsentry 497   18 tcp4   *:31337               *:*
root     portsentry 497   19 tcp4   *:32771               *:*
root     portsentry 497   20 tcp4   *:32772               *:*
root     portsentry 497   21 tcp4   *:32773               *:*
root     portsentry 497   22 tcp4   *:32774               *:*
root     portsentry 497   23 tcp4   *:40421               *:*
root     portsentry 497   24 tcp4   *:49724               *:*
root     portsentry 497   25 tcp4   *:54320               *:*
root     sendmail   465   4  tcp4   127.0.0.1:25          *:*
root     sshd       459   4  tcp4   *:22                  *:*
#

SSHD access to the server is only available to one other machine in that Cisco protected network that is not accessible from anywhere else on either the Cisco-protected network, nor any other networks locally, or externally.

If anyone is able to provide any hints as to where that entry might have come from, or any information as to what it literally means, I'd appreciate it greatly. If there are any other bits of information I can provide, then please let me know.


Thanks for the time.

Regards,

Stacey

