Date: Tue, 8 Oct 2002 13:23:08 +0300 From: Peter Pentchev <roam@ringlet.net> To: Mike Hoskins <mike@adept.org> Cc: Riley <rileyjmc@pacbell.net>, FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: chkrootkit help Message-ID: <20021008102308.GB376@straylight.oblivion.bg> In-Reply-To: <20021007131203.L83742-100000@fubar.adept.org> References: <HEEELMCBPANKADCOBOFPKEPCGPAA.rileyjmc@pacbell.net> <20021007131203.L83742-100000@fubar.adept.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--1UWUbFP1cBYEclgG Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 07, 2002 at 01:33:04PM -0700, Mike Hoskins wrote: > On Mon, 7 Oct 2002, Riley wrote: [snip] > > Oct 7 03:13:56 aji sendmail[91248]: g97A2rnm091248: SYSERR(root): coll= ect: > > I/O error on connection from [203.48.40.139], from=3D<News@ineedhits.c= om> > > Oct 7 08:45:13 aji /kernel: file: table is full > <snip> >=20 > OK, most of these look IO related... But what's this mean? >=20 > > Oct 7 09:23:28 aji inetd[93322]: pop3/tcp: root: no such user > <snip> > > Oct 7 09:30:53 aji /kernel: pid 93340 (cron), uid 0: exited on signal = 11 > > (core dumped) >=20 > If 'root' really doesn't exist, then who is uid 0? It might well be that the POP3 service does not authenticate against the system passwd file; think 'virtual domains'. There might be no user named 'root' in the virtual domain requested, even though there is such a user on the local machine :) G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If wishes were fishes, the antecedent of this conditional would be true. --1UWUbFP1cBYEclgG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE9orIM7Ri2jRYZRVMRAqOkAKCOIyzo8Vitply7eIDUPcn5O3pYpQCfSNnK zsxhtsjdkudVTcNGuWeFod8= =RCsQ -----END PGP SIGNATURE----- --1UWUbFP1cBYEclgG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021008102308.GB376>