On Mon, 2004-07-12 at 14:48, Michael Yep wrote: > Hello All, > > There have been a few things in my LogWatch report that I do not > understand, and one that seems critical to me > > Given the following excerpt : > > **Unmatched Entries** > open(/dev/pts/0): No such file or directory > open(/dev/pts/0): No such file or directory > > WARNING: Kernel Errors Present > vesafb: probe of vesafb0 failed with error -6...: 1 Time(s) > > Errors running install command: > sound_slot_1 : 4 Time(s) > > Connections: > Service sgi_fam: > <no address>: 2 Time(s) > > **Unmatched Entries** > gdm[3792]: pam_succeed_if: requirement "uid < 100" not met by user "winston" > > **Unmatched Entries** > STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file or > directory: 1 Time(s) > > Failed to bind: > 0.0.0.0 port 22 (Address already in use) : 1 Time(s) > > **Unmatched Entries** > pam_succeed_if: requirement "uid < 100" not met by user "winston" > pam_succeed_if: requirement "uid < 100" not met by user "winston" > pam_succeed_if: requirement "uid < 100" not met by user "winston" > pam_succeed_if: requirement "uid < 100" not met by user "winston" > pam_succeed_if: requirement "uid < 100" not met by user "winston" > > > The main thing I wondered about is "0.0.0.0 port 22 (Address already in > use) : 1 Time(s)" > Is my sshd compromised ? > > > > > Michael Yep > Development / Technical Operations > RemoteLink, Inc. > (630) 983-0072 x164 With the data globbed it is hard to say. The ones that I don't care for is the "Failed to bind" bind can be either a bash builtin such as bind keystrokes to a macro (man 1 bind) or bind a socket to a local address (man 5 bind) sgi_fam (fam is the file alteration monitor) pts read pseudo-terminal master slave (man 4 pts) A Google of the winston indicates that this is a Atari game emulator. vesafb is a video frame buffer issue. sound_slot_1 (probably sound card missing or misconfigured ) What does /var/log/secure contain? As far as ssh it can be bound to a specific IP address (see man 8 sshd, man 5 hosts_access) -- jludwig <wralphie@xxxxxxxxxxx>
