Date: Sat, 16 Jul 2005 15:39:46 +0100
From: Stacey Roberts <stacey@vickiandstacey.com>
To: freebsd-questions@FreeBSD.org
Subject: Strange messages log entry
Message-ID: <20050716143946.GA88475@crom.vickiandstacey.com>

Hello,

I've noted a strange entry in /var/log/messages on a machine here that I'm hoping someone might be able to shed some light on, please. Here is what I found:

su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534

There are two (2) entries at exactly 04:15 this morning, and they are the only two entries of this kind in /var/log/messages, and I can't think what it is that could be the origin of them.

The machine itself is only running rsync as the only really active service, and is behind a Cisco c-2514 running CBAC with STATIC (for this machine only) and DYNAMIC NAT, and there is another firewall in front of this Cisco for the whole local network.

The static NAT entry on the router is set up in order to construct an ACL entry that permits only one laptop to back up its files to the FreeBSD server via rsync. The laptop itself has not been powered up for over a week now and was not on at the time of the log entry.

Here's what's running on the server:

# sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rsync      635   5  tcp4   *:873                 *:*
root     portsentry 499   0  udp4   *:1                   *:*
root     portsentry 499   1  udp4   *:7                   *:*
root     portsentry 499   2  udp4   *:9                   *:*
root     portsentry 499   3  udp4   *:69                  *:*
root     portsentry 499   4  udp4   *:161                 *:*
root     portsentry 499   5  udp4   *:162                 *:*
root     portsentry 499   6  udp4   *:513                 *:*
root     portsentry 499   7  udp4   *:635                 *:*
root     portsentry 499   8  udp4   *:640                 *:*
root     portsentry 499   9  udp4   *:641                 *:*
root     portsentry 499   10 udp4   *:700                 *:*
root     portsentry 499   11 udp4   *:37444               *:*
root     portsentry 499   12 udp4   *:34555               *:*
root     portsentry 499   13 udp4   *:31335               *:*
root     portsentry 499   14 udp4   *:32770               *:*
root     portsentry 499   15 udp4   *:32771               *:*
root     portsentry 499   16 udp4   *:32772               *:*
root     portsentry 499   17 udp4   *:32773               *:*
root     portsentry 499   18 udp4   *:32774               *:*
root     portsentry 499   19 udp4   *:31337               *:*
root     portsentry 499   20 udp4   *:54321               *:*
root     portsentry 497   0  tcp4   *:1                   *:*
root     portsentry 497   1  tcp4   *:11                  *:*
root     portsentry 497   2  tcp4   *:15                  *:*
root     portsentry 497   3  tcp4   *:79                  *:*
root     portsentry 497   4  tcp4   *:111                 *:*
root     portsentry 497   5  tcp4   *:119                 *:*
root     portsentry 497   6  tcp4   *:143                 *:*
root     portsentry 497   7  tcp4   *:540                 *:*
root     portsentry 497   8  tcp4   *:635                 *:*
root     portsentry 497   9  tcp4   *:1080                *:*
root     portsentry 497   10 tcp4   *:1524                *:*
root     portsentry 497   11 tcp4   *:2000                *:*
root     portsentry 497   12 tcp4   *:5742                *:*
root     portsentry 497   13 tcp4   *:6667                *:*
root     portsentry 497   14 tcp4   *:12345               *:*
root     portsentry 497   15 tcp4   *:12346               *:*
root     portsentry 497   16 tcp4   *:20034               *:*
root     portsentry 497   17 tcp4   *:27665               *:*
root     portsentry 497   18 tcp4   *:31337               *:*
root     portsentry 497   19 tcp4   *:32771               *:*
root     portsentry 497   20 tcp4   *:32772               *:*
root     portsentry 497   21 tcp4   *:32773               *:*
root     portsentry 497   22 tcp4   *:32774               *:*
root     portsentry 497   23 tcp4   *:40421               *:*
root     portsentry 497   24 tcp4   *:49724               *:*
root     portsentry 497   25 tcp4   *:54320               *:*
root     sendmail   465   4  tcp4   127.0.0.1:25          *:*
root     sshd       459   4  tcp4   *:22                  *:*
#

SSHD access to the server is only available to one other machine in that Cisco protected network that is not accessible from anywhere else on either the Cisco-protected network, nor any other networks locally, or externally.

If anyone is able to provide any hints as to where that entry might have come from, or any information as to what it literally means, I'd appreciate it greatly. If there are any other bits of information I can provide, then please let me know.

Thanks for the time.

Regards,

Stacey