I just wondered what "pam_succeed_if: requirement "uid < 100" not met by user" meant
the bind is refering to the port / socket I am sure, here is /var/log/secure
Jul 11 10:26:52 localhost sshd[3375]: Received signal 15; terminating.
Jul 11 20:51:00 localhost sshd[3374]: Server listening on :: port 22.
Jul 11 20:51:00 localhost sshd[3374]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Jul 11 20:51:23 localhost xinetd[3389]: START: sgi_fam pid=3909 from=<no address>
Jul 11 21:36:20 localhost sshd[4407]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
Jul 11 21:36:20 localhost sshd[4407]: Accepted password for winston from ::ffff:192.168.1.101 port 1026 ssh2
Jul 11 21:36:20 localhost sshd[4409]: subsystem request for sftp
Jul 11 21:56:35 localhost sshd[4409]: Received disconnect from ::ffff:192.168.1.101: 11: Disconnect requested by Windows SSH Client.
Jul 12 01:41:40 localhost userhelper[4502]: running '/sbin/reboot' with root privileges on behalf of 'root'
Jul 12 01:41:44 localhost sshd[3374]: Received signal 15; terminating.
At 04:42 PM 7/12/2004, you wrote:
On Mon, 2004-07-12 at 14:48, Michael Yep wrote:
> Hello All,
>
> There have been a few things in my LogWatch report that I do not
> understand, and one that seems critical to me
>
> Given the following excerpt :
>
> **Unmatched Entries**
> open(/dev/pts/0): No such file or directory
> open(/dev/pts/0): No such file or directory
>
> WARNING: Kernel Errors Present
> vesafb: probe of vesafb0 failed with error -6...: 1 Time(s)
>
> Errors running install command:
> sound_slot_1 : 4 Time(s)
>
> Connections:
> Service sgi_fam:
> <no address>: 2 Time(s)
>
> **Unmatched Entries**
> gdm[3792]: pam_succeed_if: requirement "uid < 100" not met by user "winston"
>
> **Unmatched Entries**
> STARTTLS=server: file /etc/mail/certs/cert.pem unsafe: No such file or
> directory: 1 Time(s)
>
> Failed to bind:
> 0.0.0.0 port 22 (Address already in use) : 1 Time(s)
>
> **Unmatched Entries**
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
> pam_succeed_if: requirement "uid < 100" not met by user "winston"
>
>
> The main thing I wondered about is "0.0.0.0 port 22 (Address already in
> use) : 1 Time(s)"
> Is my sshd compromised ?
>
>
With the data globbed it is hard to say.
The ones that I don't care for is the "Failed to bind" bind can be either a bash builtin such as bind keystrokes to a macro (man 1 bind) or bind a socket to a local address (man 5 bind) sgi_fam (fam is the file alteration monitor)
pts read pseudo-terminal master slave (man 4 pts)
A Google of the winston indicates that this is a Atari game emulator.
vesafb is a video frame buffer issue. sound_slot_1 (probably sound card missing or misconfigured )
What does /var/log/secure contain?
As far as ssh it can be bound to a specific IP address (see man 8 sshd, man 5 hosts_access) --
jludwig <wralphie@xxxxxxxxxxx>
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
Michael Yep Development / Technical Operations RemoteLink, Inc. (630) 983-0072 x164
