Hello All,
There have been a few things in my LogWatch report that I do not understand, and one that seems critical to me
Given the following excerpt :
**Unmatched Entries** open(/dev/pts/0): No such file or directory open(/dev/pts/0): No such file or directory
WARNING: Kernel Errors Present vesafb: probe of vesafb0 failed with error -6...: 1 Time(s)
Errors running install command: sound_slot_1 : 4 Time(s)
Connections:
Service sgi_fam:
<no address>: 2 Time(s)**Unmatched Entries** gdm[3792]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
**Unmatched Entries**
STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file or directory: 1 Time(s)
Failed to bind: 0.0.0.0 port 22 (Address already in use) : 1 Time(s)
**Unmatched Entries** pam_succeed_if: requirement "uid < 100" not met by user "winston" pam_succeed_if: requirement "uid < 100" not met by user "winston" pam_succeed_if: requirement "uid < 100" not met by user "winston" pam_succeed_if: requirement "uid < 100" not met by user "winston" pam_succeed_if: requirement "uid < 100" not met by user "winston"
The main thing I wondered about is "0.0.0.0 port 22 (Address already in use) : 1 Time(s)"
Is my sshd compromised ?
Michael Yep Development / Technical Operations RemoteLink, Inc. (630) 983-0072 x164
